The cybersecurity landscape is, traditionally, not very diverse. There. We said it. In 2019, just 20% of the workforce in our industry comprised women, and people of colour represented even less. So why isn’t the cyber realm more welcoming?
As hackers get more sophisticated and inventive, cyber teams need to stay ahead of the game with more diverse ideas, creative strategies, and out-of-the-box problem-solving skills. However, it’s difficult to achieve this if everyone on your team is from a similar background with the same cookie-cutter experiences. Being more diverse will simply cover more bases when it comes to threat attack vectors. For example, younger workers may be more familiar with modern threats such as smishing (SMS phishing) and vishing (voice phishing) – terms that older generations may be less familiar with, while some studies prove that male-oriented teams gauge risk differently to those with more of a female influence.
Cloverpop found teams that practice an inclusive decision-making process, with input from a varied range of people, made decisions twice as fast and delivered better results by up to 60%. So, to be able to tackle emerging threats from as many angles as possible, there needs to be a wider range of educational and linguistic backgrounds, greater ethnic diversity, and even neurodiversity.
Sian John, the Director of Cybersecurity Strategy at Microsoft, thinks the sociological and psychological side of cyber is the most exciting one. She stated that “there isn’t one type of person who should consider a career in cybersecurity.” Her passionate, motivated employees share one trait found industry wide: the desire to make the world a safer place. The only way to make sure we can face future threats head-on, she says, is with a more-the-merrier attitude; “there’s always a way in.”
So how can companies make security teams more diverse?
Move away from traditional hiring
CVs contain all manner of certificates and achievements, but too often they’re all bark and no bite. Take the example of three brain surgeons, one of whom you’re choosing to complete an operation. The first has read 150 textbooks, the second holds 20 certificates, and the third has completed 200 hours of hands-on practical work. We’re certain you’d pick the third surgeon. The same skills-based logic applies to cybersecurity specialists. Practical, hands-on experience is what matters in the field, not how many books you’ve read or how many years you spent at university.
Employees who are ‘qualified’ in cybersecurity tick certain boxes because, technically, they have passed a course that proves they can be left in control with no additional training. However, most cybersecurity certifications are theory based, requiring little demonstration of real-world skills. Joseph Blankenship, a research director on Forrester’s security and risk advisory team, agrees. “Get outside normal channels,” he says. “Instead of looking for specific toolsets, for entry-level positions look for intellect and motivation.”
Ditch the CV. You’re looking for specific personality traits, aptitude, and potential, not pre-existing hard skills. During your next job search, identify candidates with perseverance, curiosity, creativity, competitiveness, and more than anything, a willingness to learn.
Hire from different backgrounds
These desirable qualities can be found in all manner of people, not just technical graduates, so it’s important to look at alternative channels to find the right candidates. The Telegraph reported that the Armed Forces are now recruiting personnel with “very different skill sets” as cyber warfare becomes more prevalent. Recruits will no longer need to fit certain body types or take fitness tests, as the Forces aim to encourage diversity among a workforce that deals with more than 1800 cyberattacks a month.
On the other side of the coin, it’s thought that previous military personnel might already come with traits useful in a cybersecurity position. Our Veteran Digital Cyber Academy helps veterans from any military background who are looking to re-skill and change career paths by helping them develop cyber skills and earn recognition from top employers.
The same goes for neurodivergent individuals looking to pursue a career in cybersecurity. Open to all within the neurodivergent community, the practical-learning environment helps you develop skills, while also hosting job opportunities from global clients ready to welcome you into their businesses.
Heidi Shey, Forrester’s lead on data security and privacy, says we need to look beyond what we think of as traditional backgrounds or experience. “Pay attention to career changers, because they bring different types of experiences and perspectives to the table.”
Our Digital Cyber Academies provide free access to our platform for certain individuals to identify new talent based on skills and attributes, not degrees or certifications. Find out more here.
Identify talent within your existing workforce
A company needs all manner of people and expertise to function properly. For this reason, it’s worth opening up cyber skills training content to all your staff – not just the IT folks. There will be a wealth of transferable skills already present within the team, whether that’s communication, resourcefulness, a competitive edge, or quick thinking.
As well as keeping your entire network more secure (after all, human error accounts for 90% of all cyberattacks; everyone is capable of absentmindedly clicking a malicious link), training everyone up in some security basics will help you identify staff who excel or show potential in some areas, including any relevant to particular security risks. You want your workforce to embrace challenges, and employing this strategy will allow their base skill sets to flourish.
Set up a Diversity and Inclusion working group
Differing life experiences make for differing experiences of diversity. At Immersive Labs, we invest time into a Diversity and Inclusion working group, to brainstorm ideas and action changes in our company that will improve understanding of complex issues and help people feel safer or more included.
With volunteers from every corner of our organization – including sales, engineers, marketing, finance, developers, HR, director and C-suites – coming together, we are improving the way we recruit, fixing outdated language, investigating more outreach opportunities to inspire candidates from different backgrounds, undertaking surveys of our staff, and generally trying to become more accessible and a safe space for everyone.
To find out more about how you can align your company to be more diverse and inclusive in the working world, check out our Ultimate Cyber Skills Strategy Cheat Sheet.
30 September 2020