Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Jim Gordon
Jim Gordon
Connect Directly
E-Mail vvv

How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity

Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.

For an industry that has shown aggressive growth over the last decade — and is projected to increase spending by 9.4% from 2018 to 2019 — the cybersecurity market continues to see more breaches and more money and data stolen. I believe that diversity and inclusion should be a foundational element for driving the advancement of cybersecurity, one that can rapidly improve those outcomes. But unfortunately, that isn't a reality today. According to a recent study, women represent just 24% of the cybersecurity workforce today, and they're getting paid nearly 12% less than men. This industry can do better. But how?

While many organizations are working to solve diversity issues such as gender and ethnic disparity, the overall industry is still a serial laggard. This is puzzling considering the fact that we have negative unemployment with the average security salary currently at US$91,500. Despite these well-paying, abundant job opportunities, clicks on job listings in 2018 decreased by 1.3%. There are many factors contributing to these numbers, but one major influence is that the security market is much like general tech was 25 years ago. Innovation is fast and furious, and start-up culture is rampant. This can result in a lack of diversity, which can alienate the many minority demographics that make up a significant portion of the total available workforce.

An industry culture defined by diversity and inclusion can bring about the type of new ideas and approaches that spur innovation and solve age-old problems. What exactly do I mean by diversity and inclusion? It's about having a workplace that's open to all, that represents varying perspectives from many different backgrounds — one that's closed to none. It's about making sure each member of your workforce is empowered daily to contribute in a way that realizes their maximum innate potential, which ultimately contributes to the success of the organization at large.

Sparking cultural shifts within an organization — and throughout an entire industry — can feel like a monumental task, but the juice is well worth the squeeze. Working at Intel, I've had the opportunity to be on the front lines of the diversity and inclusion work, and I'm heartened by the progress we're beginning to make, starting with three key elements:

Leadership: A top-down organizations starts with the CEO or other top leadership executives making a public commitment and sharing the specific terms of that commitment. This absolutely has to include a set of defined (quantitative) outcomes and a clear-cut time frame by which to measure progress and results. From there, these same leadership representatives must show up, quarter after quarter and year after year, to publicly renew those commitments and provide insight into the advancements that have been made along the way. A group of our most senior leaders meet with our chief diversity and inclusion officer every month.

Investment: Many corporate projects or initiatives use incremental funding. However, to truly affect meaningful change, diversity and inclusion programs require investment on a completely different scale. For example, recruiting diverse candidates straight out of school means you have to dramatically expand the roster of universities with which you engage. If you want to close the pay gap and introduce more inclusive benefits, you must allocate the appropriate funding.

Permanent change: Diversity and inclusion is not an HR function or policy, led and administered by a single division within a company. These programs need to be adopted broadly throughout the organization, and supported indefinitely by employees in every department, at every level. Progress must be measured regularly, reported on publicly and adjusted frequently. A permanent commitment to diversity and inclusion changes everything — from how you run meetings and write job descriptions to how you manage compensation and promotions, and much more.

Implementing a new diversity program or revamping an existing initiative will involve a defined strategy. Consider these four steps:

1. Start with a baseline. Establish a quantitative diversity benchmark for where you stand as an organization. What is your current demographic breakdown? How do employees feel about diversity and inclusion issues? Why do employees leave the company? Ask the right questions up front, and you'll set a baseline that allows you to better understand how to set goals and quantify success over the long term.

2. Don't reinvent the wheel. There's a ton of great resources available in the market to help you build a successful diversity program. Find out what's worked for other organizations, modify those initiatives to fit your organization's needs, and commit to iterating regularly along the way.

3. Try new things. Many organizations fail over and over again with basic HR-driven diversity programs, expecting different results each time. Don't be afraid to aim high, make adjustments along the way, and be creative. As you begin to see progress, you'll need to fine-tune your goals, priorities, and measurement along with it.

4. Make it collective. While HR departments certainly play an important role in the change process, to generate a historic cultural shift you need commitment that starts at the top and companywide involvement that permeates every department and level. While there are a lot of different program elements organizations can bring to bear to influence diversity and inclusion, one every organization should consider is an "ally" program. At Intel our ally program is designed to encourage all employees to be allies in the workplace by demonstrating five key behaviors: be visible, listen and learn, reflect, challenge and advocate.

The good news is that today, more organizations in the cybersecurity market across the world are making diversity and inclusion a top business priority. That said, women and other minority groups are still vastly underrepresented and we have a long way to go. An industrywide shift in culture won't happen overnight, but by following key principles and best practices, you can begin accelerating your organization's path toward diversity and inclusion.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "How a PIA Can CYA."

Jim Gordon is an Intel veteran of 20+ years and has held a variety of roles over this time. Most notably he served 3.5 years as chief of staff and technical assistant to Intel's then president Renée James.  He currently is GM of Ecosystem & Business ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
PUBLISHED: 2021-01-15
Docker Desktop Community before on macOS mishandles certificate checking, leading to local privilege escalation.
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...