Editor’s note: This article is from MK Palmore, director of the office of the CISO at Google Cloud.
With recent cyberattacks against organizations of all sizes and governments alike, the importance of sharpening cybersecurity across sectors has been recognized globally as a top concern.
However, according to research published by security industry nonprofit (ISC)², while the global cybersecurity workforce added 464,000 jobs over the past year, there is still an employment gap of more than 3.4 million positions. While cybersecurity remains one of the most critical challenges organizations are facing, roles continue to go unfilled.
So, how do we address this disparity? One solution is to prioritize diversity, equity and inclusion (DEI), and recognize how it can impact an organization's security posture for the better.
While some industry professionals actively pursue diversity in tech, the numbers show that the majority of security teams fail to put ideas around DEI into practice. Recent findings from the Aspen Digital Tech Policy report note only 4% of cybersecurity workers self-identify as Hispanic, 9% as Black, and 24% as women. Collective cybersecurity ultimately depends on having a diverse, skilled workforce that can implement and transform it.
As leaders align on their focus for 2023, CISOs should prioritize increasing diversity on their teams and finding new ways to reach untapped talent.
Why DEI matters for CISOs and the cybersecurity industry overall
Software supply chain security remains a critical national security risk. Financially motivated attacks like ransomware have been studied and documented for decades. Distributed denial-of-service (DDoS) attacks are increasing in frequency and growing in size.
Threat actors continue to act on poor cyber hygiene and use social engineering to capitalize on our own human vulnerability.
These are just a few of the top concerns across our industry and yet, while these issues are top of mind and widely agreed upon, the solutions to these challenges over the past few decades remain the same.
This is why diversity in cybersecurity is so critical. CISOs need to stop thinking about how we can solve cybersecurity issues in a silo, and instead consider how embracing diverse perspectives may prompt more creative solutions.
Different mindsets can bring new and better solutions to the table that can mitigate advanced cyberthreats. In security, we work to solve complex problems that often don’t have a clear solution. Addressing the diversity issue in cybersecurity will help us move to the next stage of security itself.
As cyberattacks increase in frequency and complexity, organizations need unique ideas to detect and defend against emerging threats. Organizations need to embrace individuals from non-traditional talent pools to stay one step ahead.
With new talent comes new ideas and solutions – and embracing perspectives from people with different backgrounds will help organizations anticipate future threats, build solutions in preparation, and avoid potential large-scale attacks.
What can CISOs do to move the diversity needle?
There are several steps security leaders can take to increase diversity, equity, and inclusion in their organizations this coming year and beyond.
Hiring managers need to widen the lens.
We must broaden the scope in which talent is identified. This starts with building job descriptions that provide more detail, and are focused on the requirements necessary for success in the role.
Is a traditional four-year college degree necessary, for instance? Challenge the listed bullet points.
The interview process should not just focus on the technical skills a candidate might have, but also take into account a candidate’s level of interest and overall aptitude to be successful.
Doing so allows non-traditional applicants – like those making a career change – to be considered for roles where they bring experience and innovative thinking that may not have traditionally been considered.
Organizations must embrace ongoing training and employee development.
Industry leaders need to build training programs that are targeted for their existing workforce but also provide assistance for those wanting to break into the industry.
Training shouldn’t stop after the initial onboarding process, or be closed off to members of the security organization. We must be open to implementing training and development programs that can help anyone sharpen their cybersecurity skillset, no matter their level of proficiency.
Leaders need to drive awareness of career opportunities in security.
For the security industry to scale and evolve, CISOs and security leaders must communicate externally that security is an industry of opportunity even for those interested in topics outside of traditional computer science.
Organizations should consider finding ways to engage with college and even high school students to challenge the traditional perception of a career in technology, and help them understand that, in many cases, it is a more viable career path than they may perceive.
Prioritize retainment through mentorship.
It is crucial for organizations to continuously train and mentor their current employee base in order to enable additional growth.
Community-based mentor/mentee relationships are important for information sharing and brainstorming out-of-the-box ways to tackle emerging threats – and a key component to retaining diverse industry talent.
Expanding professional networks.
Networking has long been the immeasurable social component to a successful career trajectory. Building a successful network can be challenging, but there are tools and organizations available to help drive the desired outcomes.
Those hoping to enter the field should continue to build an individual brand with tools like LinkedIn and other professional social media platforms, consider blogging or writing thought leadership on areas of passion or expertise, and explore one of the many nonprofits focused on supporting diverse career goers in all phases of their cybersecurity journey.
As CISOs look to navigate cybersecurity challenges in 2023, it will be essential for leaders to provide fresh perspectives and solutions.
Cybersecurity is a team sport, so it’s important that CISOs create a diverse team of players that can help tackle these challenges and contribute to the industry’s overall progression.