Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Jim Gordon
Jim Gordon
Connect Directly
E-Mail vvv

How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity

Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.

For an industry that has shown aggressive growth over the last decade — and is projected to increase spending by 9.4% from 2018 to 2019 — the cybersecurity market continues to see more breaches and more money and data stolen. I believe that diversity and inclusion should be a foundational element for driving the advancement of cybersecurity, one that can rapidly improve those outcomes. But unfortunately, that isn't a reality today. According to a recent study, women represent just 24% of the cybersecurity workforce today, and they're getting paid nearly 12% less than men. This industry can do better. But how?

While many organizations are working to solve diversity issues such as gender and ethnic disparity, the overall industry is still a serial laggard. This is puzzling considering the fact that we have negative unemployment with the average security salary currently at US$91,500. Despite these well-paying, abundant job opportunities, clicks on job listings in 2018 decreased by 1.3%. There are many factors contributing to these numbers, but one major influence is that the security market is much like general tech was 25 years ago. Innovation is fast and furious, and start-up culture is rampant. This can result in a lack of diversity, which can alienate the many minority demographics that make up a significant portion of the total available workforce.

An industry culture defined by diversity and inclusion can bring about the type of new ideas and approaches that spur innovation and solve age-old problems. What exactly do I mean by diversity and inclusion? It's about having a workplace that's open to all, that represents varying perspectives from many different backgrounds — one that's closed to none. It's about making sure each member of your workforce is empowered daily to contribute in a way that realizes their maximum innate potential, which ultimately contributes to the success of the organization at large.

Sparking cultural shifts within an organization — and throughout an entire industry — can feel like a monumental task, but the juice is well worth the squeeze. Working at Intel, I've had the opportunity to be on the front lines of the diversity and inclusion work, and I'm heartened by the progress we're beginning to make, starting with three key elements:

Leadership: A top-down organizations starts with the CEO or other top leadership executives making a public commitment and sharing the specific terms of that commitment. This absolutely has to include a set of defined (quantitative) outcomes and a clear-cut time frame by which to measure progress and results. From there, these same leadership representatives must show up, quarter after quarter and year after year, to publicly renew those commitments and provide insight into the advancements that have been made along the way. A group of our most senior leaders meet with our chief diversity and inclusion officer every month.

Investment: Many corporate projects or initiatives use incremental funding. However, to truly affect meaningful change, diversity and inclusion programs require investment on a completely different scale. For example, recruiting diverse candidates straight out of school means you have to dramatically expand the roster of universities with which you engage. If you want to close the pay gap and introduce more inclusive benefits, you must allocate the appropriate funding.

Permanent change: Diversity and inclusion is not an HR function or policy, led and administered by a single division within a company. These programs need to be adopted broadly throughout the organization, and supported indefinitely by employees in every department, at every level. Progress must be measured regularly, reported on publicly and adjusted frequently. A permanent commitment to diversity and inclusion changes everything — from how you run meetings and write job descriptions to how you manage compensation and promotions, and much more.

Implementing a new diversity program or revamping an existing initiative will involve a defined strategy. Consider these four steps:

1. Start with a baseline. Establish a quantitative diversity benchmark for where you stand as an organization. What is your current demographic breakdown? How do employees feel about diversity and inclusion issues? Why do employees leave the company? Ask the right questions up front, and you'll set a baseline that allows you to better understand how to set goals and quantify success over the long term.

2. Don't reinvent the wheel. There's a ton of great resources available in the market to help you build a successful diversity program. Find out what's worked for other organizations, modify those initiatives to fit your organization's needs, and commit to iterating regularly along the way.

3. Try new things. Many organizations fail over and over again with basic HR-driven diversity programs, expecting different results each time. Don't be afraid to aim high, make adjustments along the way, and be creative. As you begin to see progress, you'll need to fine-tune your goals, priorities, and measurement along with it.

4. Make it collective. While HR departments certainly play an important role in the change process, to generate a historic cultural shift you need commitment that starts at the top and companywide involvement that permeates every department and level. While there are a lot of different program elements organizations can bring to bear to influence diversity and inclusion, one every organization should consider is an "ally" program. At Intel our ally program is designed to encourage all employees to be allies in the workplace by demonstrating five key behaviors: be visible, listen and learn, reflect, challenge and advocate.

The good news is that today, more organizations in the cybersecurity market across the world are making diversity and inclusion a top business priority. That said, women and other minority groups are still vastly underrepresented and we have a long way to go. An industrywide shift in culture won't happen overnight, but by following key principles and best practices, you can begin accelerating your organization's path toward diversity and inclusion.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "How a PIA Can CYA."

Jim Gordon is an Intel veteran of 20+ years and has held a variety of roles over this time. Most notably he served 3.5 years as chief of staff and technical assistant to Intel's then president Renée James.  He currently is GM of Ecosystem & Business ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-20
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
PUBLISHED: 2021-04-20
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...