It’s no secret that cybersecurity has a diversity problem. While it is well-documented that inclusion and diversity are benefits to a company and the bottom line, there are some people who are skeptical of diversity’s true impact or may feel left out of the conversation because they are part of the overwhelming white male majority. Company leadership must get all employees on board for any program to be successful. Making inclusion a part of the company’s culture is a good first step to ensure all employees feel valued. Below you’ll find other culture shifts companies can make as well.
In the video below, “A CISOs Journey To Building Diverse Teams,” EVP and Chief Information Security Officer at Zions Bancorporation, David Stirling says he saw a lack of diversity on the tech side of banking and that it was clear it was causing performance problems.
“The team was not diverse and not a great representation of different backgrounds and different viewpoints,” said Stirling. “The team was not performing well, not against any individual member of the management team, we just weren’t achieving the goals and regulatory requirements for our banks.”
Stirling said he recognized there was an opportunity to start thinking about things differently than what the cybersecurity team to that point had been doing and tapping some talent he had worked with in the past.
“At the time, I wasn’t conscious of the reason why these women leaders are successful is because there’s diversity of backgrounds, there's diversity of thought,” he said. “I just knew them as really highly capable leaders that did not have a cybersecurity background.”
Stirling said once these leaders were brought in, “immediately we began to see some things that needed some changing and when we got some of the female managers on my team in my office they said, ‘Hey we need to change the way we’re thinking about some things.’”
By not including other voices and having a homogeneous team, “we didn’t understand the power we were leaving on the table,” said Stirling.
Diversity of thought requires people to admit they don’t know everything. For seasoned cyber pros who have been at the job for years, it can be challenging to their ego to have someone from outside the department, or even the organization, call to question the way things are done.
Stirling said he had a wake-up call working with the former chief technical officer at his company, who was a champion of diversity.
“I had to be humble and recognize some of the activities and approaches I had previously had were not helpful, not in the sense I was working against what needed to be done but I was not proactive and thinking of things the way they should be done,” said Stirling.
With cybersecurity professionals in such high demand, Stirling says, “this isn’t about replacing people.”
“This isn’t about one or the other, but developing teams with diversity of thought to make them the highest performing team they can be,” he says.
How many times have you heard something like this?
“I value diversity training, but our department just hasn’t got the time.”
“I know we should try to be more inclusive.”
“Obviously inclusion is a priority here.”
Words like, but, try, and obviously are dismissive. They are not the language of leadership or people who want to take action. Other words like, should, and fine can hold a department or an entire organization back from being truly inclusive.
No one wants to feel like they are not a priority. Opt instead for clean, active language when discussing inclusion and diversity. It sends a clear signal to all employees that having respect and empathy for everyone is required.
“Unless you make diversity a priority, it won’t help you improve your teams,” says Stirling.