By Mischel Kwon
Standing in a booth for the first time in well over 10 years at Black Hat, promoting the new Cybersecurity Diversity Foundation, I found myself talking about a completely different subject than I had intended. I was there to talk about inclusion of all people, and instead found myself reassuring males that I was not talking about excluding them. One by one, men were standing in line waiting for me to give them a technical definition of diversity.
Diversity is not what most people think it is. It cannot be defined by a balanced statistic. It is not all about women or race. It is the inclusion of difference – all kinds of difference. Generational diversity, religious diversity, political diversity, marital status, gender, sexual preference, diversity of thought and more.
As humans, we are programmed to gravitate to those who are like us. We dress alike, talk alike, move alike, and do like things. Cybersecurity is a unique field. It is a small group where relationships are first based on similarity and trust. This makes our field even more difficult because we have to work even harder to curb unconscious or even personal bias. As we look at the lack of diversity in our field it should concern us. We gravitate to these homogenous groups because they are easy. There is little conflict. Everyone agrees.
The Labor Department tracks the position of information security analysts – one narrow channel in the field of cybersecurity – and looking at the statistics on just race and gender (not even all forms of diversity), it is clear that our field struggles with diversity.
It is easy to understand why those in the majority may be sensitive about the thought of being replaced in an effort to create a more diverse field. But let’s be very clear – we are not talking about replacing anyone. When you look at the field of cybersecurity, you can see that we are challenged by a shortage of qualified professionals. In fact, according to the Bureau of Labor Statistics over 209,000 cybersecurity jobs in the U.S. are unfilled.
As a person who embodies many types of diversity, I will tell you right now: I do not want a job because I fit into one or more diversity categories. I just want the opportunity to be included – and not only in employment, but in opportunities such as training, public speaking, and leadership roles. And when I say opportunity, I mean an opportunity to compete for one of these roles because I am the best qualified. If you think about it – this in itself is a very tricky statement. As business growth strategist Yvette Dubel says, “Brand risk management innovation requires that businesses interested in growth, sustainability and hope of building/maintaining a legacy [think outside the box, so] brands take note if you intend to lead rather than follow your competitors.”
There are many opportunities to be found in the lack of diversity in the cybersecurity field and the workforce shortage. Our world is no longer made up of distant lands and people; thanks, in part, to the Internet, “increasing globalization requires more interaction among people from diverse cultures, beliefs, and backgrounds than ever before.” (note: this link opens a PDF in a new window)
Our field can benefit from the advantages that a diverse workforce brings to the table:
- different ways of thinking and unique ideas
- a variety of work ethics and cultural expertise
- numerous language skills
- better creativity
- greater productivity
- competitive advantages
- increased marketing opportunities
- enhanced business image
- economic growth
But we must pay attention to other solutions besides simply improving the hiring statistics. We must pay attention to unconscious bias – from the job description to the interview to promotion selection process. Most importantly, how do we work on creating trust between groups of people who are diverse in age, race, sex, religion, language, sexual preference, marital status, diversity of thought and many other ways?
Creating a diverse cybersecurity workforce is not a social cause; it is something we must do. It’s a critical piece of improving how we accomplish cybersecurity. We must have a diverse workforce to come up with the best thinkers, the best technologies, and the best solutions. Our adversaries have diversity in their arsenal; we need it in ours. We must also open our minds to the realization that we are leaving ideas on the table – in fact, they might not even be on the table because we are leaving people out.
So why the Cybersecurity Diversity Foundation? We appreciate all the organizations that exist today that promote diversity and support them 100%. The CDF is all about inclusion through scholarship, training programs, grants, and partnering with other organizations. We need a place to all come together and work towards a diverse cybersecurity field – and the CDF can be that place.
The next time you see me at a conference and ask me to define diversity, my answer to you will be: “What is your diversity?” because I know there is something that makes you unique and therefore an important part of the cybersecurity solution.