For a long time in Silicon Valley, the conversations around diversity were limited to water-cooler talk and whispers. Organizations would wear inclusion as a badge on a website or as copy in a job description but fail to take steps toward permanent change. The murders of George Floyd and Breonna Taylor and the protests that followed created a ripple effect throughout the world and brought racial justice issues to the forefront of different sectors, including cybersecurity.
The wakeup call was much needed. According to the US Bureau of Labor, people of color make up less than 20% of the information security analyst jobs in the country. In an industry that consistently requires new ideas to spark positive change and stand out against the status quo, it is necessary to have individuals who think, speak, and act in diverse ways. Otherwise, organizations who echo these statistics risk limiting their competitive advantages, product innovation, and ultimately their chances at successfully stopping cyber adversaries.
Now more than ever before, the entire cybersecurity industry must commit to improving representation and equality for people of all races, ethnicities, genders, and orientations. Below, I have outlined key steps organizations must take to get started.
Start at the Top
The conversation about diversity needs to start at the top. CEOs and other high-level executives need to take a hard look at the people they have at the decision-making table. If they don't have people of color helping to drive strategy for the company, how are they supposed to make changes for those people?
When looking for a job, the first thing most candidates do is research the leadership team on the company website. Potential employees want to know who is making the decisions. If a candidate is a woman of color, for instance, and the leadership team is all white males, she might just see people who may not value her culture or her decisions. A lot of companies overlook this important step. The candidate could be well-qualified and a great fit for the position but still decide not to apply.
From its inception, a cybersecurity company must look to have people of color at the decision-making table. If the company is already established, HR should recruit so that people of all races are represented. To get there, it starts with executives taking a hard look at the unconscious biases around them and having the difficult conversations. By starting at the top, organizations can create a culture of equality.
Provide Opportunities for People of Color
For organizations looking to improve representation, the entire hiring process must be rethought. Leadership needs to provide opportunities for people of color. HR teams and company recruiters should be working together to conduct outreach, not just to underrepresented groups, but also companies who already have initiatives in place. What are other organizations that are successful at diversity and inclusion efforts doing that your company isn't? Are you consistently going back to the same talent pools for new positions? Look at the makeup of the company and reach out to anyone who might be underrepresented.
Companies can also find and research groups that are helping to encourage representation in STEM online, then support them. Women and people of color already in the company should also be advocating to open the doors for others.
Organizations must also look past traditional backgrounds. Cybersecurity teams have been critically understaffed for years. Hiring outside of traditional backgrounds and adding diversity to teams is a way to address the talent gap. Before entering the cybersecurity field, I was working in politics. Where security organizations saw a product, I saw a person. Many of my previous skills did transfer over and have guided me through the ebbs and flows of cybersecurity throughout the past few years.
Commit to Continued Conversation
Despite the deaths of George Floyd and Breonna Taylor shining a spotlight on racial injustices in the US in the summer of 2020, the Black Lives Matter movement has been going strong for years. When devastating events occur, such as the murders last summer, the conversation of inclusion is brought up only to be quelled a few weeks later.
For us to make a lasting impact on the cybersecurity industry, this is one of the most important things to change. Racial injustices have plagued our country for years, so to look to the future of the industry and make strides in diversity, we must commit ourselves to continuing to discuss equality and inclusion, no matter what is going on in the news.
The cybersecurity industry has one enemy: the digital adversary or cybercriminal. Uniting people of all colors, creeds, and genders under a common cause just improves the security posture for all by promoting different ideas and discussions. This can lead to new innovations and approaches in combating cyber-risk.
Whether or not it is Black History Month, Black people, and people of color, must be celebrated, recognized for their achievements, given opportunity, and treated equally in the cybersecurity industry. By starting at the top, broadening recruiting efforts and committing to continued conversation, the cybersecurity industry can achieve equality once and for all.