Diversity: Its About Inclusion

  /     /     /  
Publicated : 22/11/2024   Category : security


Diversity: Its About Inclusion


Unrealistic entry-level job requirements, black-hoodie hacker image problems are among the uncomfortable conversations needed to remedy cybersecuritys diversity gap.



Something shifted last week in the cybersecurity diversity gap conversation.
A rare representation of several speakers of color, gender, and various cultures took the stage in San Francisco both at the RSA Conference and related events. They shared not only their security and privacy expertise, insight, and research - but also their firsthand experiences as minorities and their recommendations for creating a more diverse and inclusive industry.
The glaring lack of diversity in the industrys workforce is well-documented: women make up just 11% of the industry, while Hispanic and African-Americans overall comprise 12%. But the numbers have mostly remained static, despite an increasingly diverse US and global population. 
Backlash a few weeks ago over a relative lack of women represented in the RSA Conferences initial slate of keynote speakers led renowned executives from Facebook, Google, and members of other tech firms to organize a rival one-day conference called Our Security Advocates (OURSA). The April 17 event featured talks by security and privacy experts from underrepresented backgrounds and sectors of society.
Just across the street, the day before, the RSA Conference held its own event called Securing Diversity, with a lineup of women and minority speakers in the industry discussing how to hack the security diversity gap. The RSA Conference keynote slate the following day featured a Q&A with US Department of Homeland Secretary Kirstjen Nielsen, in addition to several women speakers in the session tracks.
But it was the combination of mounting frustration over the industrys seeming inability to recruit and retain a more diverse workforce and the OURSA conferences protest that ultimately made diversity one of the key industry themes during the industrys largest annual conference week.
Its more important than ever that security and privacy platforms are built to reflect the diversity of our users, employees, and administrators of the world, Parisa Tabriz, Googles director of engineering, told attendees at OURSA.
Minorities and women in the industry often find they are constantly battling for equal treatment. Weve got a ways to go here, for women and people who look like me. We have to work twice as hard to make ourselves credible and to be heard, Devon Bryan, founder and president of the International Consortium of Minority Cybersecurity Professionals (ICMCP), said at an event sponsored by the Cybersecurity Diversity Foundation.
Bryan, who is also executive vice president and CISO of the Federal Reserve System, points out that minorities dont want to be hired just because they are minorities. They dont want to be hired because of what they look like, they want to be hired because they are good at what they do. They want to be valued and contributing, he said. Diversity is not about the numbers.
Diversity isnt just about the cybersecurity talent gap, either, according to Kim Jones, director of the Cybersecurity Education Consortium at Arizona State University and a former CISO and intelligence professional. Jones, who spoke at RSA Conferences Securing Diversity summit, argues that getting serious about fostering a more diverse industry requires looking at things differently.
We need to separate diversity from the talent gap issue. Before there was a talent shortage, there was a diversity problem, Jones said, noting that security itself doesnt care about race, creed, color, or sexual orientation, so there shouldnt be a diversity gap.
For some reason, we are not attracting or resonating or giving an opportunity for minorities to work in the industry, he said. Some of that is the image cybersecurity often projects, with black hoodies or bad boy attitudes that dont resonate among underrepresented groups: Thats not the way to recruit, he said. When I talk to students, I say if you want to be someone who helps defend people … and make a difference, come work with me.  
Minorities and women already in the industry also need to step up and serve as role models. If you dont have a role model, be one. Ive been the sole African-American executive of companies before, he said. Being the only one is hard, but equip the people behind you.
Its not just about hiring: its about the inclusion of those diverse employees, said Mischel Kwon, founder and CEO of MKACyber and creator of the Cybersecurity Diversity Foundation. That means ensuring minorities and women get their voices and input heard at work and in meetings; and it can take time to hack through implicit biases that prevent that. You have to have the uncomfortable conversations, Kwon told Dark Reading in an interview.
Corporate diversity initiatives also require a little soul-searching. My question is how serious are you? Are you doing something just to make the numbers get better or [because] it feels good to say youre talking about diversity, Jones said. Or are you truly and honestly making a difference not because the numbers say we need to, but because its the right thing to do.
United on Diversity
Christine Izuakor, senior manager of global security strategy and awareness at United Airlines, said the airline has a diverse cybersecurity team made up of 40% women and various ethnicities and sexual orientation. For that we are a much stronger team, she said. But its not about color or gender. Its the unique perspective each brings.
She said Uniteds diverse security team grew organically. I dont know if it was intentional originally to build such a diverse team, she told Dark Reading in an interview. Theres a more deliberate focus on that today.
Among Uniteds initiatives to foster diversity are its cybersecurity rotation program, which includes providing internships to students in underrepresented communities. We need to ignite that spark to [attract] people in all walks of life, she said.
Recruiting a more diverse team also means busting a few myths that hold back the industry from attracting a wider range of people, including making technology solutions that are inclusive by design so that people from all backgrounds get access to the same opportunities in the field, and help remove any barriers to them. Im a first generation Nigerian in America, and my culture didnt support an IT security field, she said. I was raised to believe that success is a doctor or an engineer, and nothing in between.
Izuakor said the spark that drew her to cybersecurity wasnt a role model - there werent any for her at the time - but an elective cybersecurity course she took in college.
She believes companies should scrap the minimum degree and experience requirements for new job candidates. Being an expert is absolutely important, but its not years of experience alone that determine the value of contributions, she said. We need to focus more on creating opportunities for entry level applicants, and provide them a career line of sight, she said.
The Year Up organization, for example, trains young urban adults for six months and then offers a six-month internship with participating organizations as a career path. Fresh perspective works wonders, she said. It takes that cross-generational knowledge and sharing and collaboration.
Coding and technical experience arent the only skills needed in cybersecurity jobs, according to Izuakor, noting that the image of a coding expert wearing a black hoodie presents an image problem. Our industry needs an extreme makeover, she said. Our images are one of the greatest barriers to the industry, especially for minorities … We need to make sure we are positioning ourselves more inclusively.
Meantime, several speakers in the diversity sessions acknowledged that they were mostly preaching to the choir. People who need to hear this are not here. Thats the biggest problem, Jones said. You need to bring conversations like this to the main hall [of RSAC] and make people a little uncomfortable to hear about it.
Related Content:
10 Women in Security You May Not Know But Should
Best Practices for Recruiting & Retaining Women in Security
Mischel Kwon Unplugged
Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the
security track here
. Register with Promo Code DR200 and save $200.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Diversity: Its About Inclusion