New perspectives and diverse mindsets are needed to stay ahead of evolving attacks, yet diversity in cybersecurity remains woefully inadequate. By Esther Shein

THE CYBER THREAT LANDSCAPE is constantly evolving, requiring a variety of viewpoints and diverse representation to offer fresh ideas. “In order to solve problems that haven’t existed before, you need to bring in new perspectives and diverse mindsets,” says Deepa Seshadri, a partner in the risk advisory practice at Deloitte. “That includes not only different gender identities but different cultures, experiences, nationalities, etc.”

Lynn Dohm, executive director of the Women in Cybersecurity(link is external) (WiCyS) organization, points out that there are diverse groups of people attacking U.S. infrastructure, “so we need diverse individuals to defend us. I believe that a broader and more varied perspective is more effective. Everyone has something to offer.”

Yet at a time when diversity, equity, and inclusion (DEI) has become a corporate priority, diversity in cybersecurity remains woefully inadequate.

A report from (ISC)2 finds that minority representation in the cybersecurity field is 26%, and WiCyS says women make up between 20% and 24% of the cyber workforce.

While many DEI efforts are well-intentioned, they are often for entry-level positions, according to Dohm. “We need to start looking at the talent pipeline: Is anyone staying in those positions? We are hearing that they’re not, and we are trying to understand why.”

The Roadblocks

A recent WiCyS report on the State of Inclusion of Women in Cybersecurity(link is external), which was developed following a series of workshops with 300 women, found that exclusion comes mostly from management and peers and not from company policies. It also found that cybersecurity firms have a significantly higher level of exclusion than non-cybersecurity firms.

Most telling was that 68% of participants cited leadership as being a source of experiences of exclusion, followed by managers (61%) and peers (52%).

The WiCyS study also found that exclusion is widespread: 83% of participants shared at least one experience of exclusion. However, organizations with 5,000 or more employees seem to be more inclusive than smaller companies, according to the study.


How to Move the Needle

There are two issues WiCyS continually struggles with: You can’t have diversity unless you have a talent pipeline, and you won’t have a pipeline if you’re not tapping into diversity, Dohm says. “WiCyS is trying to bridge that gap by cultivating a community of women interested in cybersecurity.”

Having a village that focuses on the perspective of women in cybersecurity helps to foster change, and it provides representation for some of the industry’s most neglected members, agrees Tennisha Martin, executive director of the BlackGirlsHack foundation. Although not intentional, the industry as a whole and conferences “have managed to portray an industry that lacks diversity and inclusion,’’ she says.

“They perpetuate the bias that women aren’t hackers and that we aren’t a part of the larger community,’’ Martin explains. “What BlackGirlsHack does to move the needle is show that there are hundreds and thousands of women who exist in this space who can work, contribute, [and] speak to what the future in cybersecurity looks like.”

Deloitte’s Seshadri says there are a few measures she sees organizations taking:

  • Creating awareness of what is possible in the cybersecurity field
  • Developing cyber programs for women who are on a career break
  • Specifically recruiting women
  • Offering mentorship and sponsorship programs
  • Conducting training to overcome unconscious bias
  • Celebrating the successes of women in the cybersecurity field

Diversity not only strengthens approaches to problem-solving and perspective, but it also strengthens the bottom line, Martin says. However, many companies fail to recognize this as they move to de-prioritize diversity in times of economic uncertainty, she notes.

Dohm, however, says that the state of diversity in the cybersecurity industry is improving, “but we’re still not there. Many women working in cybersecurity are … not feeling that [the statistics] accurately reflect their place of employment because many of them are still the only female on an otherwise all-male team.”

“BlackGirlsHack is working to move the needle,’’ Martin concludes, “but the needle is hard to see in the haystack.”

ESTHER SHEIN is a longtime freelance tech and business writer and editor.

Read the original article HERE