Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Jim Gordon
Jim Gordon
Connect Directly
E-Mail vvv

How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity

Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.

For an industry that has shown aggressive growth over the last decade — and is projected to increase spending by 9.4% from 2018 to 2019 — the cybersecurity market continues to see more breaches and more money and data stolen. I believe that diversity and inclusion should be a foundational element for driving the advancement of cybersecurity, one that can rapidly improve those outcomes. But unfortunately, that isn't a reality today. According to a recent study, women represent just 24% of the cybersecurity workforce today, and they're getting paid nearly 12% less than men. This industry can do better. But how?

While many organizations are working to solve diversity issues such as gender and ethnic disparity, the overall industry is still a serial laggard. This is puzzling considering the fact that we have negative unemployment with the average security salary currently at US$91,500. Despite these well-paying, abundant job opportunities, clicks on job listings in 2018 decreased by 1.3%. There are many factors contributing to these numbers, but one major influence is that the security market is much like general tech was 25 years ago. Innovation is fast and furious, and start-up culture is rampant. This can result in a lack of diversity, which can alienate the many minority demographics that make up a significant portion of the total available workforce.

An industry culture defined by diversity and inclusion can bring about the type of new ideas and approaches that spur innovation and solve age-old problems. What exactly do I mean by diversity and inclusion? It's about having a workplace that's open to all, that represents varying perspectives from many different backgrounds — one that's closed to none. It's about making sure each member of your workforce is empowered daily to contribute in a way that realizes their maximum innate potential, which ultimately contributes to the success of the organization at large.

Sparking cultural shifts within an organization — and throughout an entire industry — can feel like a monumental task, but the juice is well worth the squeeze. Working at Intel, I've had the opportunity to be on the front lines of the diversity and inclusion work, and I'm heartened by the progress we're beginning to make, starting with three key elements:

Leadership: A top-down organizations starts with the CEO or other top leadership executives making a public commitment and sharing the specific terms of that commitment. This absolutely has to include a set of defined (quantitative) outcomes and a clear-cut time frame by which to measure progress and results. From there, these same leadership representatives must show up, quarter after quarter and year after year, to publicly renew those commitments and provide insight into the advancements that have been made along the way. A group of our most senior leaders meet with our chief diversity and inclusion officer every month.

Investment: Many corporate projects or initiatives use incremental funding. However, to truly affect meaningful change, diversity and inclusion programs require investment on a completely different scale. For example, recruiting diverse candidates straight out of school means you have to dramatically expand the roster of universities with which you engage. If you want to close the pay gap and introduce more inclusive benefits, you must allocate the appropriate funding.

Permanent change: Diversity and inclusion is not an HR function or policy, led and administered by a single division within a company. These programs need to be adopted broadly throughout the organization, and supported indefinitely by employees in every department, at every level. Progress must be measured regularly, reported on publicly and adjusted frequently. A permanent commitment to diversity and inclusion changes everything — from how you run meetings and write job descriptions to how you manage compensation and promotions, and much more.

Implementing a new diversity program or revamping an existing initiative will involve a defined strategy. Consider these four steps:

1. Start with a baseline. Establish a quantitative diversity benchmark for where you stand as an organization. What is your current demographic breakdown? How do employees feel about diversity and inclusion issues? Why do employees leave the company? Ask the right questions up front, and you'll set a baseline that allows you to better understand how to set goals and quantify success over the long term.

2. Don't reinvent the wheel. There's a ton of great resources available in the market to help you build a successful diversity program. Find out what's worked for other organizations, modify those initiatives to fit your organization's needs, and commit to iterating regularly along the way.

3. Try new things. Many organizations fail over and over again with basic HR-driven diversity programs, expecting different results each time. Don't be afraid to aim high, make adjustments along the way, and be creative. As you begin to see progress, you'll need to fine-tune your goals, priorities, and measurement along with it.

4. Make it collective. While HR departments certainly play an important role in the change process, to generate a historic cultural shift you need commitment that starts at the top and companywide involvement that permeates every department and level. While there are a lot of different program elements organizations can bring to bear to influence diversity and inclusion, one every organization should consider is an "ally" program. At Intel our ally program is designed to encourage all employees to be allies in the workplace by demonstrating five key behaviors: be visible, listen and learn, reflect, challenge and advocate.

The good news is that today, more organizations in the cybersecurity market across the world are making diversity and inclusion a top business priority. That said, women and other minority groups are still vastly underrepresented and we have a long way to go. An industrywide shift in culture won't happen overnight, but by following key principles and best practices, you can begin accelerating your organization's path toward diversity and inclusion.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "How a PIA Can CYA."

Jim Gordon is an Intel veteran of 20+ years and has held a variety of roles over this time. Most notably he served 3.5 years as chief of staff and technical assistant to Intel's then president Renée James.  He currently is GM of Ecosystem & Business ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.