3.1.23 > Tina Meeker
In recent years, the importance of diversity and inclusion in the workplace has become increasingly clear and while we’ve made progress, we still have a long way to go. Companies are recognizing that a diverse workforce can lead to greater creativity, innovation, and productivity. When it comes to cybersecurity, the need for diversity is particularly crucial. Cybersecurity threats are constantly evolving, and having a team with a variety of backgrounds and perspectives can help organizations stay ahead of these threats.
Diversity is Crucial in Cybersecurity.
The need for diversity in cybersecurity stems from the fact that cyber threats can come from a wide variety of sources. Hackers can be located anywhere in the world, and they can use a range of tactics to gain access to an organization’s systems and data. A diverse team of cybersecurity professionals can help organizations understand and anticipate these threats. A team with members from different cultural backgrounds may be better equipped to identity and respond to social engineering tactics that are specific to certain regions.
Diversity in cybersecurity can also help organizations be more innovative. A team with members from different backgrounds may be more likely to think outside the box and come up with creative solutions to cybersecurity challenges. Additionally, having a diverse team can help organizations better serve their customers/stakeholders.
We Need to do Better.
Recruiting and retaining for diversity in cybersecurity can be challenging. Here are some tips to help you recruit and retain top diverse talent in your organization.
- Don’t just lean on your recruiter: Cybersecurity hiring leaders too often work with a recruiter and handoff a job description and wait for the returns. Cyber leaders must be part of the recruiting process by partnering close with their recruiter and respectfully challenge traditional recruiting tactics (read on) and put themselves out there in the cyber community and plug into organizations that serve diverse communities (see number 3). I also recommend working with recruiters (if you have a choice) that have experience recruiting in the cybersecurity field.
- Look beyond traditional qualifications: When recruiting for cybersecurity positions, organizations often focus on technical qualifications, such as certifications, years of experience and degrees. It’s important to remember that cybersecurity is a multidisciplinary field that requires a range of skills and expertise. Look for candidates with diverse educational and professional backgrounds, such as psychology, sociology, and even communications/marketing. Degrees are great – but they should be viewed as one of many data points and shouldn’t be a “rule-out” metric alone. You can look within your company for talent in typically lower salaried areas such as customer service or helpdesk. You may be surprised at how many of these individuals may already have an interest in cyber and/or are willing to learn new skills to level-up their career.
- Cast a wider net: To recruit for diversity, you need to think more broadly. Don’t rely on traditional recruiting methods, such as job postings (i.e., “post and pray”) and referrals. Reach out to organizations that serve diverse communities, such as WiCyS or Cyversity and attend events that attract diverse candidates.
- Champion an inclusive workplace culture: To attract and retain diverse talent, it’s important to create an inclusive workplace culture. This means promoting DE&I within your company (not just words, but action), as well as providing opportunities for professional development and advancement.
- Offer mentorship and support: Cybersecurity can be a daunting field, especially for those who are underrepresented. Offering mentorship and support to new hires can help them feel more confident and comfortable in their roles.
Tina Meeker, MBA, CISSP is the Vice President of Information Security & Enterprise Architecture at Sleep Number Corporation and the Vice President of the Minnesota Affiliate of WiCyS (Women in CyberSecurity).