It’s no secret that cybersecurity has a diversity problem. While it is well-documented that inclusion and diversity are benefits to a company and the bottom line, there are some people who are skeptical of diversity’s true impact or may feel left out of the conversation because they are part of the overwhelming white male majority. Company leadership 
must get all employees on board for any program to be successful. Making inclusion a part of the company’s culture is a good first step to ensure all employees feel valued. Below you’ll find other culture shifts companies can make as well.
In the video below, “A CISOs Journey To Building Diverse Teams,” EVP and Chief Information Security Officer at Zions Bancorporation, David Stirling says he saw a lack of diversity on the tech side of banking and that it was clear it was causing performance problems.
“The team was not diverse and not a great representation of different backgrounds and different viewpoints,” said Stirling. “The team was not performing well, not against any individual member of the management team, we just weren’t achieving the goals and regulatory requirements for our banks.”
Stirling said he recognized there was an opportunity to start thinking about things differently than what the cybersecurity team to that point had been doing and tapping some talent he had worked with in the past.
“At the time, I wasn’t conscious of the reason why these women leaders are successful is because there’s diversity of backgrounds, there's diversity of thought,” he said. “I just knew them as really highly capable leaders that did not have a cybersecurity background.”
Stirling said once these leaders were brought in, “immediately we began to see some things that needed some changing and when we got some of the female managers on my team in my office they said, ‘Hey we need to change the way we’re thinking about some things.’”
By not including other voices and having a homogeneous team, “we didn’t understand the power we were leaving on the table,” said Stirling.
Diversity of thought requires people to admit they don’t know everything. For seasoned cyber pros who have been at the job for years, it can be challenging to their ego to have someone from outside the department, or even the organization, call to question the way things are done.
Stirling said he had a wake-up call working with the former chief technical officer at his company, who was a champion of diversity.
“I had to be humble and recognize some of the activities and approaches I had previously had were not helpful, not in the sense I was working against what needed to be done but I was not proactive and thinking of things the way they should be done,” said Stirling.
With cybersecurity professionals in such high demand, Stirling says, “this isn’t about replacing people.”
“This isn’t about one or the other, but developing teams with diversity of thought to make them the highest performing team they can be,” he says.
How many times have you heard something like this?
“I value diversity training, but our department just hasn’t got the time.”
“I know we should try to be more inclusive.”
“Obviously inclusion is a priority here.”
Words like, but, try, and obviously are dismissive. They are not the language of leadership or people who want to take action. Other words like, should, and fine can hold a department or an entire organization back from being truly inclusive.
No one wants to feel like they are not a priority. Opt instead for clean, active language when discussing inclusion and diversity. It sends a clear signal to all employees that having respect and empathy for everyone is required.
“Unless you make diversity a priority, it won’t help you improve your teams,” says Stirling.
Diversity is often discussed at leadership summits and in C-level corporate offices around the country. It’s clear that within many industries, including cybersecurity, there’s a great need to bring more women and people of color into the ranks and into leadership roles. But many efforts to improve diversity in tech have failed. Why is it that after years of diversity training and initiatives, companies are still struggling to recruit and retain diverse talent?
Deidre Diamond, Founder and CEO of CyberSN and the founder of Secure Diversity, has spoken about the challenge of building diverse teams in webinars and at numerous conferences. When people ask her why diversity is still such a challenge, she points out, to get to diversity, you have to start with inclusion.
Inclusion—in the purest sense—is including others or being included within a group or structure. It’s about ensuring that all people, regardless of gender, race, religion, or other similar factors, are respected and appreciated as valuable parts of the organization.
Because if you don't have an inclusive culture, then diverse people won't stay. One study found that 50% of multicultural women were considering leaving their corporate job. The survey also revealed that culture was at the core of the problem. It found that 79% percent of multicultural women cite “male-dominated” culture as an obstacle and 74% believe they are considered “not fitting the profile of a leader.”
In the video below, “Hiring and Retaining Gender Diverse Teams: A How-To Conversation,” Diamond discussed the inclusion concept with Michael Joseph, Co-Founder and CEO of Technium.
He says he came to Diamond to continue to move his company toward diversity. In a customer focused business like his, a lack of gender diversity can hold the company back, Joseph said. They were recruiting women, but were not retaining them. He realized the changes he needed to make at his company had much more to do with overall culture than a specific diversity program.
“The only thing I did do right is I decided culture was important,” said Joseph. “We made a decision a couple of years ago to fix our culture to be a happy, good place to be so now I want to make it more inclusive.”
He continued, “The focus has to be as much on the internal as the external. You can’t spend all your time trying to make customers happy and not making your people happy. Otherwise, you’re not going to have happy customers.”Watch now >>> “Hiring and Retaining Gender Diverse Teams: A How-To Conversation,” Michael Joseph, Co-Founder and CEO of Technium
How does a company shift its culture to be more inclusive? What steps do managers need to take to show that every employee has respect and is valued? Developing leadership skills should include developing emotional intelligence skills.
An often overlooked aspect of management, recruiting, workforce retention, and ultimately inclusion is emotional intelligence, or EQ. Having empathy for others, understanding non-verbal cues, and being able to manage a team that makes everyone feel valued are important EQ skills and are essential aspects to creating a more inclusive environment.
After years of working in business, tech and cybersecurity, Diamond has learned that everyone wants the same seven things out of work. According to Diamond, understanding what people are looking for in their jobs and seeking to provide them, companies can build stronger relationships with employees. When all employees feel valued, that there is equal opportunity for advancement, and they are treated fairly and with respect, it will become easier to build and retain diverse teams.
Here are the ways to retain people and have cultures with inclusion behaviors
How do you make a cultural shift and create a workplace culture that achieves these things and in turn, becomes more inclusive?
Researchers and strategists Lori Nishiura Mackenzie and JoAnne Wehner from Stanford VMWare Women’s Leadership Innovation Lab, suggest getting managers and other leaders involved in diversity training, inclusion strategies, and culture decisions from the start. It helps create buy-in and makes for a smoother implementation. Management is also more likely to stick to a program that includes their ideas.
To make sure the program is truly inclusive, it helps to work with someone outside the organization to facilitate.
A report by Cybersecurity Ventures estimates women made up 20% of the cybersecurity workforce in 2019. One way to increase the number of women entering and staying in the field is to show women in high-profile roles. If only white men are seen representing cybersecurity at your company, then women and people of color will have a harder time envisioning a future with you.
Offer women and people of color more opportunities to represent the company at conferences, leadership training, and other events, both internal and external. This will help them feel more invested in the company, they will be seen as leaders by peers, and allowing them to show off their skills will help battle negative stereotypes and the perception of tokenism.
Fostering an inclusive environment can be a lot of fun: team building, having lunch together, and outings let people get to know each other and build trust. But don’t let culture get out of hand. Certain behaviors considered “all in good fun” by some could be viewed as toxic by others.
In her conversation with Joseph, Diamond said there are certain workplace behaviors that she feels are not discussed as much as they should be in workplaces today. These are basic behaviors, but for managers to truly build inclusive cultures, Diamond said they must follow these rules of behavior:
Inclusion and diversity are often tossed around as being one and the same, but understanding inclusion must come first is essential to achieving diversity and making it last. An inclusive workplace where EQ and empathy are priorities is one of the best ways to create and maintain a healthy and diverse workplace.
It’s no secret that tech has struggled to diversify its workforce. Equal representation of minorities and women in tech still has a long way to go. But as companies also struggle to fill cybersecurity jobs, there can sometimes be a disconnect between needing to fill a position today and working harder to make cyber teams more diverse in the future. To properly address the problem, first we need to understand what’s causing the problem.
In 2014, some of the biggest tech companies in the world came together to look at the representation of women and minorities among their ranks through a joint diversity study. The idea was that by understanding the demographics of the company, it would be able to better move toward a more diverse workplace.
Unfortunately, the 2020 study showed little has changed in the past decade, despite efforts to increase diversity. While women are now 23% of Facebook’s technical workforce, African-American employees are woefully underrepresented (3.8% of the workforce) as well as at Twitter (2% of the workforce). At Apple, 53% of new hires are from historically underrepresented groups in tech, however the lack of diversity in leadership roles indicates people within these groups are not sticking around or being promoted.
The need for more women in tech and an overall increase in diversity throughout the tech world is well documented and even more pressing when it comes to cybersecurity. In 2020, it should go without saying that diversity is good for business, leading to better products and services that are designed for a wide range of people. With the demographics of the U.S. becoming more diverse each year, smart businesses should be making diversity hiring a priority if they are to compete in the future, yet as we see with these tech giants, it takes more than simply acknowledging the problem.
To create a diverse workforce, your company must hire and retain a diverse staff. Encourage an environment where team members are supportive. Competition should be healthy, not cut-throat. Nicknames and teasing, even if done “in good fun” can leave employees feeling like they’re on the outside.
Companies are wise to take a hard look at company culture and ensure it is not discriminatory, especially if areas of your workforce are male-dominated. A 2017 poll by the Pew Research Center found that 50% of women said they had experienced gender discrimination at work. The numbers were even higher for women working in tech at 74%, or in a male-dominated workplaces at 78%.
Bottom line? There’s a need to ensure workplaces are safe environments for all employees and that companies foster a culture of support and inclusion, free of snarky comments and cliques. Letting a negative workplace environment fester can not only lead to attrition, but as word gets out in tight-knit circles like cybersecurity, it can hamper recruiting too.
Every hiring manager and HR recruiter is looking for that impressive resume with a specific degree from a top school and all the right job titles, but in a tight cybersecurity job market, those can be hard to come by. Instead of relying on HR software to curate resumes, look more closely for people who may not be an exact fit at first glance but have all the right skills.
While most hiring managers may be reluctant to admit it, unconscious bias can influence hiring decisions, especially when looking for people who will fit in with the team. This can often lead to hiring people like themselves, in appearance, background and world-view. One way companies are overcoming this, according to TechRepublic, is to use diverse analytics software to hide personal information, such as name, age, gender, and ethnicity, allowing recruiters to focus on more relevant factors like job skills and experience.
This kind of tech is the idea behind the CyberSN platform KnowMore, which also puts the focus on skills and experience, creating anonymous profiles companies can review without the professional worrying about bias.
Because there’s a shortage of cybersecurity professionals in the workforce today, it’s a great opportunity for people who have left work for a while to re-enter the workforce. It remains an amazing untapped talent pool.
COVID-19 is forcing many people, especially women who are often the caregivers, to opt out of the workforce. It can be difficult for women to come back to work after such breaks, leaving talented people willing to work sidelined. Why risk losing a qualified professional just because of a career gap? In the interview, ask about the break—motivated people will often tell you about volunteer work, training, or professional development they did during that time, ensuring they stayed engaged and kept skills fresh.
The financial research firm Morningstar formed a women’s initiative group that aims to make Morningstar a leading supporter of women in financial services, and created a diversity council to provide a platform for discussions on diversity to foster change. Tech company Vail Systems created a policy requiring at least one woman participate in the interview process for each role. The company also makes sure to have women representing Vail at all of its recruiting events.
These examples reveal that hiring for diversity takes more than simply a desire to do so. Taking action within the company indicating diversity is a priority is a good first step. Giving your hiring process a fresh look and how it may be leaving people out is another.
As a woman-owned company, CyberSN is committed to improving diversity throughout the cybersecurity industry and helping others do so too. Our results speak for themselves. At CyberSN, 52% of our placements are diversity hires. We know it’s possible to find great talent among all races and genders. If you’d like to learn what your company can do to improve workplace diversity, get in touch.
Female students' achievement in mathematics and science is on par with their male peers and female students participate in high level mathematics and science courses at similar rates as their male peers, with the exception of computer science and engineering.
Co-Authored by Lisa Kendall, CyberSN and Katie Perry, Technium
By now, it’s widely known that cybersecurity is a male-dominated field with the most generous estimates saying that we might have 24% women in our workforce. After half a decade of intensive effort to increase the level of equality among the genders in the security profession, we are still falling woefully short. A survey of 1000 girls aged 13-17 from April 2020 revealed that Interest in tech and STEM careers is actively falling among girls, with just 9 percent interested in careers in STEM (down from 11% two years ago). In 2018, only 18% of computer science grads were women. It’s clear that more drastic measures are needed to balance the scales. Meanwhile, over the last 10 years, the gender balance of the veterinary industry literally flipped upside-down, going from 80% men - to 80% women! Let’s explore the factors that contributed to that happening, and see if there are any lessons to help improve the gender balance in cybersecurity.
With the passage of Title IX in 1972, college admission restrictions based on gender were eliminated at universities and colleges. Soon after, the rate of women entering the veterinary field began to increase. After that, the balance of men vs. women began to “feminize” resulting in the rates of inclusion swapping places! Men’s desire to pursue careers that offered more autonomy, an increase in female role models, and the portrayal of veterinarians as carers in social and pop culture are all speculated to be reasons why less men and more women began entering the field. Also, scientific developments in sedatives for large animals have made this career field more realistic for women veterinarians as demand is high for those who can service livestock and large farm animals. The increase in female role models in the veterinary field is another contributing factor. The portrayal of women in TV and movies, for example "The Big Bang Theory", a leading CBS sitcom, featured a love interest character who was a female veterinarian. This is a great example of how representation matters. When young women see it, they know they can become it.
Another social issue plaguing our cyber workforce is the topic of work/life balance. The veterinary field, like the cybersecurity field, is a 24x7 job. Patient care, like user services or outage alarms, don’t often conveniently happen during business hours. By creating options like part-time work and split shifts, the veterinary field was able to give more dynamic work options to their practitioners. This type of employment model, where the employee has more control over their schedule and number of hours, could also help to subvert another major issue in cybersecurity: burn out! When 91% of CISOs report feeling constant burnout, you know there is a deep-rooted issue with work/life balance that needs to be addressed. This contributes greatly to the cybersecurity talent shortage because who would volunteer for a job that is all but guaranteed to run them ragged in a few years? It’s not good for the people in our community, and it’s not good PR for the recruiting efforts that we need to enact as a profession.
Friends,
CyberSN, SecureDiversity.org and Deidre Diamond all stand with Black Lives Matter. The treatment of humans is a topic I am in everyday, as many of you are aware. I talk with you about words and behaviors at work that cause problems and or that can make cultures better so that our community can have happiness at work. I enjoy being in this conversation with you all tremendously. I want to share a personal story with you now so that we can be authentic in conversation, while around us all, our communities are hurting. I hope my personal story helps.
The Black Lives Matter (BLM) movement is about human treatment being equitable and human actions being equally accountable, with greater consequences than job dissatisfaction. I am the Founder and CEO of CyberSN and Secure Diversity. I self-funded these businesses from my own hard work, no investors, just risk and a strong desire to create a work environment that people loved. I represent the 1% of Women in Technology that are founding CEOs. I am in my late forties and I have white skin. My biological father is a first-generation Engineering immigrant from the Middle East, my mother is from Pennsylvania and of English descent. I had the honor of having Tommy, a black man, as a stepfather starting at age six. Tommy was a hairdresser in LA, when he met and married my mother. My mother, a white woman who was an LA City School Teacher for forty years and owned hair salons with my step father Tommy after they married. This wonderful man Tommy, passed on from earth just before I graduated college, I think about him all the time and I wish he could see what I have accomplished with others. I cook with his skillet still to this day and have taken it with me through many moves around the US. This man is a HUGE piece of who I became as an adult and a Leader. I love him, and for him and others I stand with BLM.
Tommy moved to live with myself, my mom and my brothers in Orange County, California in the late seventies. I remember him quietly saying while we were driving and listening to music, “most people don’t want me around here” or “I am so happy you don’t have to deal with what I deal with”. At the time, being so young, I didn’t understand. “Why wouldn’t Tommy be wanted here?” I thought, “I am so lucky to have him, he is kind, he loves music, he sings with me, he loves mood lighting and always makes our home feel calm, he loves eating and takes me to awesome ethnic restaurants.” Why? Tommy was always kind and never said anything bad about anyone, I loved him for that every day! Why wasn’t he wanted? I could not comprehend.
Time gave me answers to my questions. Questions that should never have to be asked. I mourn for the black men and all humans who have experienced discrimination, for Tommy, for equality of all humans. I pray for leadership to find solutions now, not tomorrow. I pray for extreme change to our laws now, not tomorrow. I vote and I serve and I pledge to never forget that all humans want the same things in life and no human should be treated differently than another human under any circumstances. I know you stand too and that we are together standing.
Tommy was the one who told me at age 6 and onward, “you are a leader” and “people love to follow you, do good with that”. He told me “you can do anything you want”. He never stopped saying positive empowering things to me. At the age of 9, Tommy and my mother had me running the front desk appointment setting, collecting customer payment, making bank deposits and cleaning the salon after hours; every weekend! I became business savvy before 10 because of this man. I was then and I am now, fearless and Tommy is a key reason. I hear his kind words about me in my head all the time. There is no greater gift than to give a child positive affirmations. While I have a wonderful father, who is very involved in my life, it was even more wonderful to have two Dads to love me. Tommy was and is my Dad too.
I am heavy hearted knowing there are so many Tommys out there being mistreated. So many men and women with black skin are being treated poorly, imprisoned and murdered for reasons white people are not imprisoned or murdered for, because of the color of their skin. All of this has to stop. I think about how Tommy didn’t care what color my skin was, or that I had a father or that I was a girl. He loved me unconditionally and cared for me daily, all while he endured discrimination for the color of his skin. All while he was being a father to a white child. Not only do I stand with Black Lives Matter, I live my life with no tolerance for discrimination. I do not tolerate discrimination at our companies or in any of my relationships. My heart breaks for what is happening in our country, and I plan to make sure things change. Love to everyone and thank you for letting me share this story.
Sincerely,
Deidre
The inability for companies to attract a diverse range of candidates is an underlying current to today’s broader cybersecurity staffing crisis. In fact, close to half of security insiders today believe that the underrepresentation of women and minorities stands as a major factor contributing to the current shortage of skilled security workers.
Anti-discrimination laws and cultural norms have largely pushed out the most overt cases of discrimination to the periphery of the industry. However, even with obvious bias isolated to the edge cases, what we’ve seen left behind are traces of unconscious bias that nevertheless hamper the industry. Unconscious bias has a way of creeping into even the organizations most gung-ho for diversity, keeping their cybersecurity teams from bringing in new kinds of people and their fresh perspectives for problem-solving.
One recent placement I worked on demonstrated to me exactly what this kind of bias looks like in action—and it was from a friend who I know to be fair and thoughtful. I was helping this executive fill a role to which he’d hoped to bring some diversity. As such, my team had provided an extra helping of women and minorities to a well-qualified candidate list. Needless to say, I was surprised to hear he ended up hiring a non-diverse candidate for the position.
As I got him to rewind the process for me, he told me that when the women on the list were asked why they were interested in cybersecurity, they didn’t bring enough ‘passion’ to the answer. While the man’s answer had more to do with personally seeing the problems in the industry that he wanted to fix, the women tended to relate stories about family members having their identities stolen and how that spurred an interest in the industry that protects people from those experiences. For the hiring manager, the way the man answered resonated as more ‘passionate.’ But looking at it from an outside perspective, it looked more like the man simply provided an answer that most closely matched my friend’s own worldview of professional enthusiasm. What he failed to see is that the sources of passion and work ethic can vary greatly by background.
What he ended up with is another non-diverse candidate, rather than a person with a wealth of new views that could have helped to round out his team. And this is really the crux of the diversity problem we face in the cybersecurity industry. The whole point of bringing in more women and minorities into teams isn’t to meet some quota. It’s to nurture a team-building mindset that attracts a range of people with totally different backgrounds who can bring fresh ways of tackling problems. This establishes a team dynamic where you’ve got a multifaceted way of attacking things. This is huge in security, which is so dependent on creative problem solvers.
In order to root out unconscious bias, we need to start listening for the answers we’re expecting from candidates and also the equally good answers that challenge our expectations. And achieving a bias-free workplace doesn’t end at the offer letter—not by a long shot. We’ve also got to think about how unconscious bias keeps us from retaining those underrepresented folks. As leaders, we need to take a hard look at the kinds of team-building exercises we do and about the kind of work atmosphere we promote. Let me know your ideas, advice, tips, or tricks to help further unbiased hiring. I’d love to hear from you.
It’s going to be a great year for diversity at RSA Conference 2016! Several crowd sourced sessions and speaker topics are scheduled which will prompt discussions around the issue of the lack women in tech and cybersecurity. These topics, along with groups and panels, seem to show that this issue is going mainstream at #RSAC this year. CyberSN and #brainbabe both have a vested interest in seeing the diversity conversation come to the forefront at tech conferences, RSA in particular, because the name of our not-for-profit organization www.brainbabe.org was born out of a frustration that booth babes still exist. These “babes” are a large percentage of the women at tech conferences, and yet the discussion about their presence so far has been about “banning” their outfits (a subject we wrote about last year), rather than recruiting and training them, which would help us expand the amount of women in technology professions! You can read more about this subject in “Why #brainbabe,” a blog by Deidre Diamond, Founder and CEO of CyberSN and Founder of Brainbabe.org.
Within our own company, we are seeing an awesome swell of support surrounding the topic of women in tech and cybersecurity. For the second year, RSA held public voting on Crowdsourced Submission Topics to round out their schedule with topics from the cybersecurity community, and the call for speakers was open to the public. From all the submissions received, the judges chose 35 of them to compete for 17 speaking spots and Deidre’s talk was chosen as a finalist. Since a version of this article was originally published, she has officially been selected to speak! Her talk “From pigtails, to prom, to a cyber career: what about your daughter?” will be shared at RSA Conference 2016 on Tuesday March 1 in Room 130 North from 1:10-2:00pm. If you plan on attending the conference, we hope you will check it out. Deidre will be speaking about encouraging women to consider careers in tech that they otherwise might not think about choosing. A major obstacle in getting more people into tech is the perception that one must be technical to be a part of the profession–but the major of all cybersecurity roles are actually not technical. We can empower more people to join the community by expanding our definition of what it means to be “in tech.” Her inclusion in the program, by popular demand, proves that people are seeking out topics about how and why we can empower women in cyber security.
If you are looking for ways to join the diversity conversation while at RSA this year, here are some suggestions:
In closing, I must also highlight a group called Equal Respect, which is “a grass root initiative that promotes open and respectful environments at professional events,” that is planning to have a presence at RSA this year. They call for events that, “prohibit and discourage promotional or marketing behaviors that disrespect groups of attendees based on gender, race, sexual orientation, religion, or ethnicity,” and we at CyberSN.com and Brainbabe.org are proud to be co-sponsors of their presence at RSA Conference 2016. It is groups like Equal Respect that will help raise awareness and overcome the obstacles that are keeping more women from joining the cybersecurity community.
