Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

To Improve Workforce Diversity, Widen The Search, Feed Infosec Talent Pipeline
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
3/12/2016 | 5:54:10 AM
To improve diversity, train the top
Edgar Perez teaches a 3 Day Masterclass in Cybersecurity designed for C-level executives and senior managers. Furthermore, he is offering cyber security workshops for boards of directors and CEOs worldwide. He is the author of The Speed Traders and Knightmare on Wall Street, and his comprehensive training programs have been widely recognized by the media for his independent and non-biased approach.
User Rank: Strategist
3/11/2016 | 1:03:05 PM
Re: "Sweetie, those toys are meant for boys!"
Thank you for providing more information.  I certainly cannot speak to the cultural atmosphere regarding women and STEM careers in Columbia.  I do hope things continue to improve for women down there.
User Rank: Apprentice
3/10/2016 | 10:44:51 PM
Re: "Sweetie, those toys are meant for boys!"
Thanks for your comments, and it's great to hear about those activities taking place near you.

I apologize for not giving first a bit of context - My country (Colombia) is a developing nation with a kinda-sexist society. Sure, lots of improvements have been made in the last few years, but even today you can hear and "feel" certain sexist conducts against women. A small example - Girls who decide not to have kids are usually met with heavy social backslash. Their families and friends constantly nag them for "not contributing to society", "being selfish", "aiming to become a lonely person", and other ridiculous statements. But back to our topic: As I mentioned, women in my country are sometimes met with social backslash for showing interest in science & IT subjects and careers.

I absolutely agree with you - It's not like "girls can't be scientists or IT professionals" around here in Colombia. If a girl wants to do so, she'll make it like any other person. What I meant was that those girls will sometimes be seen as "awkward", "weird", "not very feminine", and (again) other ridiculous statements.
User Rank: Strategist
3/10/2016 | 3:45:16 PM
Re: "Sweetie, those toys are meant for boys!"
What are you talking about?  My children's school has engineering and STEM fairs held only for girls.  Our local community college holds STEM days for the females in the local high schools.  I have seen numerous commercials for women in stem fields as well.  Girls are being shoved towards these fields and they simply don't want to enter them.  In fact, the more egalitarian a society the less likely women are to enter STEM fields, it is only when STEM jobs are the only option for a decent salary (like in many developing nations) that women flock to them.  The more choices a woman has the less likely she is to choose STEM.  Please tell me the last time you heard a girl told that she couldn't be a scientist or an IT professional.  I haven't heard that in at least 25 years.  
User Rank: Apprentice
3/9/2016 | 3:46:14 PM
"Sweetie, those toys are meant for boys!"
Although it's true companies have to "broaden the pool", I believe another important factor is how science and IT topics are shown to kids. Specifically, girls in some cultures are discouraged of getting in touch with tech & science subjects, hobbies, and toys because "those things are meant for men" and "they aren't feminine". Even worse, that social scolding is done by both men and women.

Of course it's not the sole reason of the whole "diversity gap". But societies need to further evolve and to put past them all those sexist and racist ideas. I can only hope I live long enough to see it with my own eyes =)
User Rank: Strategist
3/3/2016 | 11:00:17 AM
Broaden the pool
"Yes, we all want the best candidates," says Joseph, "but broaden the pool." She suggests actively recruiting women and people of color, by going to them instead of waiting for them to find you through the same old channels.


If you want to "broaden the pool" then you should be trying to get as many poeple as possible to apply, not just as many "people of color" or "women" as possible.  The fact of the matter is the pool already consists of the majority of people, almost anybody who wants to become an IT security professional can self educate (serveral ivy league colleges have their class materials online for free).  If someone is too poor to even have a computer at home they can use the public library.  In fact the largest demographic that is probably truely cut off from the profession would be those who live in poor rural areas (often there is no public transportation to take them to a public library that could be 50 miles away.  If you truely want to broaden the pool then the best way to do it is to help that demographic regardless of the racial or gender makeup of the population that needs access to these programs.  


I really tire of the "we must have diversity" crowd.  This is the same group of people who will tell you that race or gender don't matter and then turn around and demand racial or gender quotas.  How about we hire based upon merit and recruit those that have a desire to learn and leave it at that!
User Rank: Strategist
3/2/2016 | 10:43:36 AM
can lead a horse to water
While I was able to brainwash my daughters to love Dr Who, computer gaming and the science genre, they were still more captivated by human drama in customer support and education fields.   They are smart and 'workaholic' (lol), but, they have told me that due to their gender and race, they have been able to go whereever they wanted in IT. They are were they want to be and only limit themselves. So, when, I see my employer advertise only in minority associations and such schemes to increase diversity, I wonder if we are looking for the best candidates or wanting to checkbox a statistic.

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-12-05
A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VD...
PUBLISHED: 2022-12-05
A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely...
PUBLISHED: 2022-12-05
Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASK...
PUBLISHED: 2022-12-05
Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKa...
PUBLISHED: 2022-12-05
OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.