Vulnerabilities / Threats

8/3/2017
03:00 PM
0%
100%

Making Infosec Meetings More Inclusive

Diversity and inclusion experts explain how to avoid meeting pitfalls that preclude the voices of underrepresented members of the team.

Meetings at the office can be a battlefield for women and minorities in the cybersecurity field. 

"Many women lack confidence, but you want your ideas to be heard by the team you are with," says Telle Whitney, CEO and co-founder of the Anita Borg Institute. Programmers or team members want to be seen as their professional role, not as a woman programmer or a black programmer, she says.

"Every woman that we work with - that is their goal," she says.

There are strategies for making meetings more inclusive so that all members of the team get to contribute:

Encourage all voices and ideas.

Research has shown that women are interrupted more than men in meetings and their ideas valued less by team members, but there are ways to reduce that behavior, say inclusion experts.

Managers and team leaders should set ground rules before a meeting, says Mary Chaney, vice president at International Consortium of Minority Cybersecurity Professionals (ICMCP).

"As the leader, I set the tone for the meeting," says Chaney, who previously ran the security operation for Johnson & Johnson. "My rules were no interrupting other people or talking over others. As a leader, you want to make sure all voices are heard. You want a complete view."

In some situations, team members may want to lead the conversation. A leader can step in and interrupt a dominant speaker and say something along the lines of "I understand how you feel, but I want to see what other people think as well," Chaney advises.

Co-workers can play a role in providing space or an entry point to participate in discussions, says Aubrey Blanche, global head of diversity and inclusion for software company Atlassian, which released a 2017 State of Diversity Report in March. When she was in college and served on a board of directors at a nonprofit, she faced a male-dominated board and was uncomfortable with their communication style. "It was nothing malicious on their part, but I did not feel comfortable," Blanche recalls.

She approached a fellow board member with whom she had a good working relationship and asked if he could help her participate in meeting discussions. During the meetings, he would turn to Blanche and ask for her thoughts or opinion, she recalls. After being called on several times to solicit her opinions, Blanche says she eventually felt comfortable providing them unprompted in the meeting.

When women and minorities get interrupted while speaking, they should try some basic communications strategies, say inclusion experts. "Interrupters often don't realize they are interrupting," Blanche says. "You can say their name to get their attention and then let them know you would like to 'finish up' your thought."

When in a meeting with peers or those in higher roles, Chaney will put her finger up in the air and say, "please let me finish my thought" when interrupted, she says. "I figure they took the same leadership training as I did and should know better, so I will call them on it."

Quash idea-stealing.

Another common issue women and minorities face in meetings is having their ideas pilfered, say inclusion experts. When women present ideas in a meeting, they are generally more collaborative and humble, speak in general terms and a tentative manner, and phrase their ideas as questions, says Caroline Turner, principal with DifferenceWorks. As a result, the idea tends to lay their quietly until a male colleague picks it up, claims it as their own idea and receives kudos from co-workers, Turner says.  

Men tend to communicate in a "hey, look at this" fashion, which is more apt to gain attention in a meeting, Turner explains.

Turner herself faced this issue when working for a company as a high-level executive. She mentioned this concern to her CEO on a Friday, who dismissed the notion, but the following Monday, he witnessed it firsthand during a meeting. Turner presented an idea and it failed to generate an immediate response. Then, moments later, a co-worker picked up Turner's idea and presented it as his own, she recalls. Turner shot a knowing look to the CEO, who appeared surprised and said to the co-worker, "I see you agree with Caroline's idea," she recalls.

Although the conversation in the meeting continued as though nothing was amiss, Turner says, "I felt empowered. I was validated. I was no longer invisible. The power of that endorsement made me feel on par with everyone in the meeting."

Women in President Obama's administration used an "amplification" strategy" in which they would support each other by recognizing and commenting on any great ideas that fellow female co-workers presented in the meetings, Blanche explains.

The amplification comments would go along the lines of "great point and I would like to add on thatm" Blanche says as an example.

Women and minorities should hold open discussions with managers and executives when their ideas are hijacked, Turner says, citing her own former CEO as an example.

"Once I pointed it out to him and he saw it happen, he will never forget it," Turner says, noting the CEO went on to validate other women's ideas when similar situations arose.

Inclusion experts also note women and minorities can advocate for themselves in a light-hearted way while in meetings by saying such things as, "I'm glad you liked my idea and wanted to build on it."

Eradicate dismissive behavior and attitudes.

In Silicon Valley, there is a belief that the best people have a particular style of coding, and some men are dismissive to female colleagues if they don't employ the same coding style, says Whitney.

And in other cases, companies have fostered a confrontational culture, she says. "Intel used to have a culture of constructive confrontation, with the idea that by taking serious criticism a company could only get better," Whitney says. "But Intel has since changed this culture to one where it wants it to be collaborative."

Managers can tackle this head-on. "As a manager, when you see dismissive behavior you can take [the culprit] into a private conversation and tell them the behavior does not contribute to the job being done," Whitney advises.

She adds that managers can also provide women and minorities who are dismissed by their male counterparts to have an opportunity to demonstrate their work and discuss it when the project they were working on is reviewed.

Seeking allies is one way to fend off a particularly rude co-worker, inclusion experts say. Any co-worker can approach an offending team member and recount the contributions made by a female or minority infosec member, Whitney says.

However, she notes, some co-workers who are insecure about contributions they have made to the team may not be willing to stand up in another co-workers defense.

So women and minorities should seek out allies to fend off obnoxiously rude co-workers, Whitney advises. "One of the most successful strategies in this situation and others is to find allies," she says. "This is one of the reasons it is so important to have more women in the workforce."

Related Content:

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/19/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
NC Water Utility Fights Post-Hurricane Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.