Addressing diversity in security

There has been much discussion and rightful concern expressed over the years about how technology fields broadly, and the cybersecurity industry in particular, are lagging when it comes to workforce diversity. Too often, though, we look at this shortcoming as a problem that the private sector alone must rectify. The reality is addressing workforce diversity is too large of a challenge for it to fall on any one group or sector. Instead, the public sector, private sector and non-profit industry associations should work together to make the type of collective impact that is needed to turn so many people’s good intentions into action.

Here are some ways that each of these groups can contribute in this important movement to expand opportunity and inclusion in cybersecurity and related fields:

Private sector

Job postings for cybersecurity roles often are heavy on technical skills and express the need for candidates to come from academic backgrounds in traditionally male-dominated areas such as computer science. This is a recipe for attracting more of the disproportionately white, male practitioners to the field and maintaining the status quo. Security and HR teams must instead be open-minded about different backgrounds and skill sets that could be transferrable to security roles and then, as necessary, provide on-the-job training and skills development to help a wider pool of technology-minded professionals succeed.

Equally important to being more proactive about bringing in underrepresented populations is how these professionals are treated once they have been hired. It is only by creating a culture of inclusiveness and empowerment — in which all members on the team, irrespective of gender, race or other demographic categories are valued, listened to and given opportunities to advance their careers — that retention will improve over the long-haul. If organizational leaders are intentional about providing leadership pathways and opportunities for diverse members of their team, there is hope for real progress.

Public sector

The trend toward more remote work — already in place before COVID-19 but sharply accelerated by the pandemic — figures to create a long-term shift in how and where people work. In many cases, geography no longer is the limiting factor it once was because you don’t have to live in a technology hub or in a big city to do the job.

However, as long as people in rural and less developed regions lack the internet access and connectivity of their counterparts who live in more populated areas, a significant gap will exist in opportunities to learn and grow their careers. Even in cities, socioeconomic differences often create inequality in who has consistent access to high-speed internet. This, in turn, lessens the pool of qualified candidates from certain regions, and perpetuates minority underrepresentation in the workforce. Governments have a critical role to play here in prioritizing the expansion of reliable broadband internet throughout their countries so that all residents are positioned to compete in a global economy that is increasingly driven by technology and access to reliable internet.

Industry organizations

Non-profit industry organizations can also be part of the solution while serving as a great bridge between the public sector, private sector and academia. Providing technology-focused scholarship programs, mentorship programs and learning opportunities for underserved populations, and helping to create diverse, multicultural professional networks, are examples of how industry groups can make meaningful contributions.

Organizations such as Code2040, Black Girls Code, Techbridge Girls, and ISACA’s One In Tech Foundation, are among those making their presence felt in offering new opportunities in the digital world. (Disclosure: I am a board director of ISACA.)

Collective effort required

Insufficient diversity in the security profession and other technology fields is problematic both from a societal standpoint and an organizational standpoint and is an impediment to both individuals and organizations reaching their full potential. A challenge of this scope requires a collaborative commitment, with the private sector, public sector and industry professional associations all having important parts to play. Expanding opportunity in the cybersecurity profession is well worth the collective effort that will be required to make it happen.