
3/1/2016
01:44 AM

To Improve Workforce Diversity, Widen The Search, Feed Infosec Talent Pipeline

RSA Conference 2016: Session panelists offered practical tips on how to attract more women and minorities, and challenged attendees to do some soul-searching.

SAN FRANCISCO, RSA Conference, Monday Feb. 29 -- Overlapping themes arose today in sessions about improving the cybersecurity workforce's ethnic and gender diversity, at the RSA Conference.

Panelists for "Bridging the Great Minority Cyber Divide--Social and Cultural Dynamics" and "Should I Stay or Should I Go? How to Attract/Retain Women in the Industry" gave some similar advice to attendees on how to improve diversity within their own infosec teams and within the industry at large.

From a practical standpoint, panelists spoke of the importance of widening the pool of qualified job applicants and supporting a more robust pipeline of young talent -- from elementary school straight through college, without losing them. They also spoke, more deeply, about looking inward to recognize one's own biases and about the uncomfortable role of being "the only one in the room" (as in the only minority person, or the only woman).

"That feeling of being the only one in the room is very real," said Yonesy Núñez, moderator of the Bridging the Minority Cyber Divide session and membership programs co-chair of the International Consortium of Minority Cybersecurity Professionals.

Núñez asked the panelists whether corporate "inclusion" efforts were effective. Panelist Devon Bryan, vice president and Global CISO of ADP LLC, said that the business case for diversity has definitely been made, and focused on the importance -- now -- of improving the diversity of the talent pipeline. Yet, panelist Cecily Joseph, vice president of corporate responsibility and chief diversity officer for Symantec, said "In a lot of cases, the business case [for workforce diversity] really hasn't been made ... I would shudder to think where we'd be if those [inclusion] programs didn't exist."

One of the troubles Joseph and other panelists throughout the day said they face is that the argument used against diversity initiatives is "but we want the best candidates."

"Yes, we all want the best candidates," says Joseph, "but broaden the pool." She suggests actively recruiting women and people of color, by going to them instead of waiting for them to find you through the same old channels.

Panelist Kevin McKenzie, CISO of Clemson University, also suggested, as a general rule for meeting more qualified applicants, moving items out of "required skills" and into "preferred skills" on the job description, so that applicants wouldn't be so quickly rejected by the HR vetting process.

Kerry Matre, a member of the women in security panel, and Hewlett Packard Enterprise's security services team, suggested using some resources from the National Center for Women and Information Technology, like their tips for conducting inclusive searches for job candidates and their "Male Allies and Advocates Toolkit."  

"Be an advocate," Matre suggests. "If you see someone say something inappropriate, immediately say [so]," instead of waiting to comment about it later.

Matre said that although she has never left a job because of a gender or diversity issue, there are times she has come home from an industry conference feeling ready to leave cybersecurity because of interactions that happened there. With that in mind, she challenged the audience to practice being an advocate right away. "I guarantee you, you will hear something inappropriate between now and the time you go to sleep tonight."

Panelist Ping Look, director of security for Optiv, also referenced the inappropriate behavior of men towards her at industry events, particularly early in her career. Other women asked her why she stayed in the cybersecurity industry, enduring that behavior. "I kind of wanted to stay because I was the only woman." Someone has to be first, she said, and if she stayed, she knew other women would come.

When asked about how to retain the women on your team, Gurdeep Kaur, chief security architect at AIG and a panelist on the "Should I Stay or Should I Go" panel, recommended, "Don't treat me differently" for being a woman; just as an individual. She also suggests to men having trouble engaging their female coworkers: "Don't rule her out. It might not be that she doesn't have things to say, but she doesn't know how to break into that boy's club."

Panel moderator and ISC2 director of business development Elise Yacobellis recommended to the women in the audience, "Be your authentic self," and not just try to fit into the "boy's club."

Matre said that people need to talk more about diversity within their organizations every day, so it becomes a normal conversation, instead of an awkward workshop from time to time. Joseph said diversity needs to be part of the entire business; not just during hiring, but during procurement, philanthropy, and more.

Angela Messer, executive vice-president at Booz Allen Hamilton and a panelist on the "Should I Stay or Should I Go" panel, said, "We all have our own biases. Take a step back and ask 'Am I giving people opportunities to grow' ... and if not, why not?"


Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

Comments
DorisG987,
User Rank: Strategist
3/12/2016 | 5:54:10 AM
To improve diversity, train the top
Edgar Perez teaches a 3 Day Masterclass in Cybersecurity designed for C-level executives and senior managers. Furthermore, he is offering cyber security workshops for boards of directors and CEOs worldwide. He is the author of The Speed Traders and Knightmare on Wall Street, and his comprehensive training programs have been widely recognized by the media for his independent and non-biased approach.
syntax_attack,
User Rank: Strategist
3/11/2016 | 1:03:05 PM
Re: "Sweetie, those toys are meant for boys!"
Thank you for providing more information. I certainly cannot speak to the cultural atmosphere regarding women and STEM careers in Colombia. I do hope things continue to improve for women down there.
CamiloD,
User Rank: Apprentice
3/10/2016 | 10:44:51 PM
Re: "Sweetie, those toys are meant for boys!"
Thanks for your comments, and it's great to hear about those activities taking place near you.

I apologize for not giving first a bit of context - My country (Colombia) is a developing nation with a kinda-sexist society. Sure, lots of improvements have been made in the last few years, but even today you can hear and "feel" certain sexist conducts against women. A small example - Girls who decide not to have kids are usually met with heavy social backlash. Their families and friends constantly nag them for "not contributing to society", "being selfish", "aiming to become a lonely person", and other ridiculous statements. But back to our topic: As I mentioned, women in my country are sometimes met with social backlash for showing interest in science & IT subjects and careers.

I absolutely agree with you - It's not like "girls can't be scientists or IT professionals" around here in Colombia. If a girl wants to do so, she'll make it like any other person. What I meant was that those girls will sometimes be seen as "awkward", "weird", "not very feminine", and (again) other ridiculous statements.
syntax_attack,
User Rank: Strategist
3/10/2016 | 3:45:16 PM
Re: "Sweetie, those toys are meant for boys!"
What are you talking about? My children's school has engineering and STEM fairs held only for girls. Our local community college holds STEM days for the females in the local high schools. I have seen numerous commercials for women in STEM fields as well. Girls are being shoved towards these fields and they simply don't want to enter them. In fact, the more egalitarian a society the less likely women are to enter STEM fields, it is only when STEM jobs are the only option for a decent salary (like in many developing nations) that women flock to them. The more choices a woman has the less likely she is to choose STEM. Please tell me the last time you heard a girl told that she couldn't be a scientist or an IT professional. I haven't heard that in at least 25 years.
CamiloD,
User Rank: Apprentice
3/9/2016 | 3:46:14 PM
"Sweetie, those toys are meant for boys!"
Although it's true companies have to "broaden the pool", I believe another important factor is how science and IT topics are shown to kids. Specifically, girls in some cultures are discouraged from getting in touch with tech & science subjects, hobbies, and toys because "those things are meant for men" and "they aren't feminine". Even worse, that social scolding is done by both men and women.

Of course it's not the sole reason for the whole "diversity gap". But societies need to further evolve and to put past them all those sexist and racist ideas. I can only hope I live long enough to see it with my own eyes =)
syntax_attack,
User Rank: Strategist
3/3/2016 | 11:00:17 AM
Broaden the pool
"Yes, we all want the best candidates," says Joseph, "but broaden the pool." She suggests actively recruiting women and people of color, by going to them instead of waiting for them to find you through the same old channels.

 

If you want to "broaden the pool" then you should be trying to get as many people as possible to apply, not just as many "people of color" or "women" as possible. The fact of the matter is the pool already consists of the majority of people, almost anybody who wants to become an IT security professional can self educate (several Ivy League colleges have their class materials online for free). If someone is too poor to even have a computer at home they can use the public library. In fact the largest demographic that is probably truly cut off from the profession would be those who live in poor rural areas (often there is no public transportation to take them to a public library that could be 50 miles away). If you truly want to broaden the pool then the best way to do it is to help that demographic regardless of the racial or gender makeup of the population that needs access to these programs.

 

I really tire of the "we must have diversity" crowd.  This is the same group of people who will tell you that race or gender don't matter and then turn around and demand racial or gender quotas.  How about we hire based upon merit and recruit those that have a desire to learn and leave it at that!
DarwinC123,
User Rank: Strategist
3/2/2016 | 10:43:36 AM
can lead a horse to water
While I was able to brainwash my daughters to love Dr Who, computer gaming and the science genre, they were still more captivated by human drama in customer support and education fields. They are smart and 'workaholic' (lol), but they have told me that due to their gender and race, they have been able to go wherever they wanted in IT. They are where they want to be and only limit themselves. So, when I see my employer advertise only in minority associations and such schemes to increase diversity, I wonder if we are looking for the best candidates or wanting to checkbox a statistic.