Thoughts on diversity and inclusion in cybersecurity

Our other blogs and articles are primarily security-focused – this is non-technical yet relevant, one of the issues that I felt and intended to explore personally.

It’s pretty hard to admit when you are in privilege, and it’s even harder to change the status quo when you are comfortable. This is a write-up on how I see diversity and inclusion currently in the cybersecurity industry, mainly a beginner’s understanding of the subject.

I attended this fabulous event, “Symposium on Cyber Strength through diversity (Ethnicity),” at Birmingham, organised by EMiC network and supported by Department for Digital, Culture, Media and Sport (DCMS). Earlier this year, EMiC kicked-off training workshops aimed at helping entrants and cyber enthusiasts.

I was more of a listening station yesterday; I learnt a lot, and here are my humble thoughts on diversity and inclusion in the cybersecurity industry – from the pov of an ally.

For productivity and competitiveness, you need a successful business that includes diversity. Diversity is an essential element of flourishing company culture since it dissolves personal preconceptions, encourages respect for others’ differences, and enables us to think creatively. It leads to improved critical thinking, creative solutions, and knowledge.

Look, at the end of the day people have to respect people’s differences. I am different than some people would like me to be.

– Kevin Spacey

What is meant by diversity and inclusion?

Diversity can be defined as the range of human differences, including but not limited to race, ethnicity, gender, age, sexual orientation, ability and socio-economic status. Inclusion is about ensuring that everyone feels valued, respected and has an equal opportunity to participate.

Why diversity and inclusion are essential?

There are a number of reasons why diversity and inclusion are essential in the cyber security workforce.

First, it helps create a more diverse pool of talent to draw from. This is important because diverse perspectives can lead to better decision making and problem-solving. Additionally, a more inclusive environment can help attract and retain top talent from all backgrounds. Finally, diversity and inclusion can help create a more positive work environment for all employees.

Despite the importance of diversity and inclusion in the cyber security workforce, many challenges still need to be addressed. For example, there is a lack of diversity among senior leadership roles in the cybersecurity field. This is pretty much the case when we look at UK’s various sectors. Comparatively, US numbers are astoundingly bigger, better and brighter. This subject could be our defensive power in cybersecurity.

This lack of diversity can have a number of negative consequences. First, it can lead to a homogeneous workforce that is not as innovative or effective as it could be. Second, it can create an unwelcome environment or even be hostile to minority groups. Finally, it can perpetuate the cycle of underrepresentation by making it harder for minority groups to enter the field and advance within their careers.

Equally, to give you a little perspective from this side of the fence, cybersecurity is not the flashiest discipline until a few years ago. Why?

You don’t sit in the office 9-5 job and then be free for the rest of the day. There is a constant chase to learn and train yourself with ever-increasing updates, skill-sets and tactics, techniques, and procedures (TTP). Promoting this as an exciting career path has been hard in the past.

This might take you to think of dimly-lit cubicles, hoodies et al. – that are changing; this is changing fast.

With a glass half full mentality, several commits to improvements have been made.

NCSC has already committed to improving equality, diversity and inclusion. The latest report (2021) from KPMG and NCSC included new benchmarks, i.e. disability, neurodiversity and seniority.

A small but inspiring example is when NCSC pledged to change our age-old terms from the early days of security – blacklist, and whitelist are among the commonly used terms in the industry. The removal of racial stereotyping here is a small but significant change. Blacklist and whitelist have been changed to denylist and allowlist.

“The right mix of minds makes anything possible.”

That’s a powerful quote borrowed from this survey report – Decrypting Diversity 2021 report from KPMG and NCSC, based on a survey of 1250+ cyber security professionals.

Why diversity and inclusion are important in cybersecurity?

Cybersecurity is a rapidly growing field, and everyone who works in this space must have the necessary skills and understanding of how these factors can influence the success of everyone. Unfortunately, diversity and inclusion continue to be significant challenges for the cybersecurity industry.

Despite numerous efforts by organisations across the industry, women, minorities, and other underrepresented groups face challenges when trying to enter or advance in cybersecurity work. Some of these were discussed at the cyber symposium yesterday, and hoping there will be more content available in the coming days. I’ll try to include links for more connected reading on the topic for those interested.

First, having a more diverse workforce helps ensure that all perspectives are considered, whether it is understanding and serving your customers or the overall productivity of teams. A direct example would be a 24x7x365 SOC running with multiple teams located globally. Without the factors mentioned above, it would be quite a challenge to manage without a diverse and inclusive workforce.

Success factors

Diversity can increase creativity and problem-solving abilities in teams, which can help improve the overall performance of cybersecurity. However, diversity and inclusion in the cyber security workforce remain a problem. Many organisations struggle with attracting, retaining, and promoting people from underrepresented groups such as women, people of colour, and members of other minority groups.

One possible solution is for industry, academia, and government to work together to make diversity and inclusion a priority. By increasing the visibility and representation of different groups in the field, we can help broaden the appeal of cybersecurity careers to more individuals. Additionally, strategies such as mentorship programs and targeted recruitment efforts can help support the career development needs of underrepresented groups.

Ultimately, diversity and inclusion are essential for creating strong teams to tackle the many challenges facing today’s digital landscape. By working together to promote diversity in cyber security, we can help ensure that the field remains a viable and exciting career option for people of all backgrounds.

How to create a culture of diversity and inclusion?

There are many ways organisations can create a culture of diversity and inclusion. Key strategies include mentorship programs, targeted recruitment efforts, diversity training, and diversity councils or task forces. Ultimately, diversity and inclusion form the foundation of solid teams that can tackle the challenges facing today’s digital landscape.

To improve diversity and inclusion in the cyber security workforce, industry, academia, and government must work together. Industry can provide resources for training programs to help develop a more diverse talent pool. Meanwhile, academia can support research initiatives focused on diversity and inclusion issues within the field. This can also include cybersecurity skill-set-focused subject streams in and around the domain.

And finally, the government can play a key role by creating policies that encourage diversity and inclusion in cybersecurity. We can make significant progress towards building a more inclusive cybersecurity workforce that benefits us all.

A while ago, I shared my thoughts with Infosecurity magazine on this topic. I am including four factors that are catalysts to seeing diversity and inclusion wonders in the workplace.

1. Customers: With diverse teams, you can better serve your customers because customers can relate to diverse members.

2. Productivity: Multiple ways of problem-solving, critical thinking skills and experiences help generate fresh ideas and new perspectives.

3. Equality: Equality in diversity can increase job satisfaction and motivation in employees, leading to enhanced productivity. A diversity of thoughts leads to innovation. When people with different views, opinions and backgrounds come together, it helps create an environment that promotes innovation and enhances problem-solving skills.

4. Conflict resolution: It’s not all rosy – conflicts are a reality of work-life, and managing them well leads to rewards. A positive mindset from management with a top-down approach to reducing diversity-based conflicts can be constructive.

Summing Up

Diversity and inclusion are essential for creating strong teams that can tackle the many challenges facing today’s digital landscape. By working together to promote diversity in cyber security, we can help ensure that the field remains a viable and exciting career option for people of all backgrounds. Cybersecurity is essential for protecting our digital world, and we must take care of our workforce first who is fixing this issue.

Hackers (hackers, not attackers) mentality is applicable here – information gathering is needed to break down the problem, analyse, act and …rinse and repeat!