How to Build a Path Toward Diversity in Information Security

  /     /     /  
Publicated : 22/11/2024   Category : security


How to Build a Path Toward Diversity in Information Security


Hiring women and minorities only addresses half the issue for the IT security industry -- the next step is retaining these workers.



BLACK HAT USA – Las Vegas – Some 1.8 million information security professionals will be 
needed in the next five years
 worldwide, further driving home the need to expand the pool of potential candidates by bringing more women and minorities into the mix, speakers on the Making Diversity a Priority In Security panel said here today at Black Hat.
Not only are companies looking to fill vacant job openings, but they are increasingly seeking to add diversity to the workforce.
When you look at diversity, it goes beyond a persons gender and race and it brings to the table the benefit of a diversity of thought, says panelist Anthony Johnson, managing director and business information security officer at JPMorgan Chase & Co.
Panelist Aubrey Blanche, global head of diversity and inclusion at Atlassian, noted that empirical research has shown that when employees are working with people who are different than they are, they process information differently. As a result, one potential benefit may be coming up with ideas and innovation by studying an issue from a different perspective, Blanche says.
Its this potential benefit that prompts some companies to hire women and people of color for information security roles, even though their level of experience is less than other candidates, the panelists noted.
You can say hire more people, but that doesnt solve the problem. You need to have a diversity program that gets the pipeline flowing, said Johnson.
Some of the panelists said their organizations are working on initiatives to encourage high school, middle school, and even elementary school-aged students, to learn about the cybersecurity field.
Palo Alto Networks, for example, teamed up with the Girl Scouts of the USA. Palo Alto Networks 
announced
 last month it would assist in delivering a national Girl Scout Cybersecurity badge for students in kindergarten through the 12
th
-grade.
We partnered with the Girl Scouts to offer cybersecurity badges to K-12 girls, so all these girls will be exposed to cybersecurity, says Rick Howard, Palo Alto Networks chief security officer.
Another way to entice hiring managers, internal recruiters, and others involved in the hiring process to reach out and interview a diverse pool of job applicants, is to tie it to performance bonuses or some form of financial reward, says Mary Chaney, vice president of the International Consortium of Minority Cybersecurity Professionals (ICMCP).
Job descriptions often present a list of must-have and want-to-have requirements that preclude women and minorities. One way to bridge that gap is to write more approachable and realistic job descriptions that open the door for entry-level applicants as well.
Women dont apply for jobs, even if they are 80% qualified. They wont apply because they dont meet the other 20%, Chaney says.
Maintaining a Diverse IT Security Workforce
Hiring women and minorities only addresses half the issue for the IT security industry. The next step is retaining these workers, according to the panel.
The number one reason women and minorities leave is because of mistreatment, Blanche says. One way her company sought to address attrition was by eliminating the subjective portions of performance evaluations, she added.
Sometimes if a womans voice is silenced during a meeting, after meeting after meeting, she goes silent, Chaney explained. She adds that women likely stay where they are valued and have a good support system.
Palo Alto Networks security team has marching orders from Howard that sexist jokes and comments will not be tolerated, he noted.
In the Black Hat keynote address here earlier in the day, Alex Stamos, CISO of Facebook, noted that two male engineers were treating a female security team member with disdain and disrespect. Stamos chastised the two engineers for it and was surprised when the female employee called him over to discuss the meeting and asked Stamos not to rush to her defense in the future. She explained it would be harder for her to gain respect and credibility with the two male engineers and the team if Stamos continued to rush to her defense.
Atlassians Blanche said one way she dealt with finding her voice to speak up in meetings - after feeling she was frequently dismissed - was to call on a peer who created space for her. In the meetings, he would ask Blanche what she thought, and over time she began to participate in the discussions.
Over time I could say something and didnt feel like I would die, she said.
Related Content:
How Diversity Can Bridge The Talent Gap
Small Changes Can Make A Big Difference In Tech Diversity
How You Can Support InfoSec Diversity, Starting With The Colleagues You Already Have
7 Hardware & Firmware Hacks Highlighted at Black Hat 2017

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
How to Build a Path Toward Diversity in Information Security