Cybersecurity is a field like no other. It’s interdisciplinary, it involves detective work, and it’s focused on defending against a wide variety of threat actors. At the end of the day, it’s all about protecting a company’s data, assets and reputation. And, perhaps most importantly, it’s a field that is constantly evolving.
That doesn’t just make it a fascinating field. It makes it a field that calls for a diverse workforce.
Why is that? For starters, the more perspectives a cybersecurity team can bring together, the wider and more reliable the safety net it provides to clients. And given that threat actors are themselves diverse, a cybersecurity team with similarly varied backgrounds is best equipped to understand how those threat actors think and operate.
It’s also because cybersecurity is about much more than technology. While tech certainly plays a major role here, the mission of detecting cyberthreats and mitigating the risk they pose is largely about understanding people.
Taken together, these factors mean that cybersecurity companies need multiple types of diversity in order to reach their full potential. Not only does this include the categories people usually refer to when they use the term diversity, but it also includes neurodiversity (variety with regard to neurological functioning) and differences in training, life experience, and professional expertise.
But, as far as the field of cybersecurity has come in so many regards, the numbers show that it still has a long way to go when it comes to diversity. Still, there are some encouraging signs.
Consider this:
Although minorities represent 26% of the U.S. cybersecurity workforce (slightly higher than their representation in the general workforce in the U.S.), only 23% of minorities in cybersecurity hold a title of director or higher – 7% lower than the average in the U.S. (Source: Innovation Through Inclusion: The Multicultural Cybersecurity Workforce.)
Women represent approximately 24% of the global cybersecurity workforce, but the numbers show that they are disproportionately represented in cybersecurity leadership roles. (Source: 2019 Women in Cybersecurity Report.)
Slightly more than half of cybersecurity professionals (51% of both men and women in the field) say the representation of women in the cybersecurity workforce has increased over the past five years, while 40% of women and 37% of men in the field say women’s representation has stayed the same over that time period. Meanwhile, 7% of women and 4% of men say women’s representation in cybersecurity has decreased over the past five years. (Source: (ISC)2 Cybersecurity Workforce Study, 2020.)
In the U.S., 82% of women in the field of cybersecurity say they see a gender bias problem in the field, compared to 49% of women in the field in the U.K. (Source: Tessian Opportunity in Cybersecurity Report 2020.)
Of course, figures like these only tell a small part of the story. Making the most of diversity within a cybersecurity company is not just a matter of numbers, but also one of company culture.
Embracing diversity is about more than hiring
For today’s cybersecurity companies, it’s not enough to hire a diverse workforce. To make the most of that diversity, they must foster a supportive workplace culture in which people are eager to express diverse opinions. In a word, what they need to prioritize is inclusivity.
One important step toward realizing the goal of inclusivity is having a diverse management team. Not only does this encourage diverse job candidates by showing that they can move up within the company, but it also helps foster a culture in which diversity is seen as an asset.
At Cybersixgill, building inclusivity within our company is an ongoing project that goes well beyond the hiring process. One key has been assembling an upper management team with gender diversity. Today, of the seven members of our Executive Team (not counting the CEO), three are women and four are men.
We also recognize that achieving the goal of inclusivity – and maintaining an inclusive culture on an ongoing basis – requires cooperation and collaboration from throughout the company’s organizational chart.
“Diversity is essential to Cybersixgill, both as a matter of fairness and as a matter of strategy. That certainly includes demographic diversity, but it also includes educational diversity. It’s important to keep in mind that not all of the most qualified job candidates will have a technical background or a certain degree,” says our CEO, Sharon Wagner. “We are committed to bringing in outstanding candidates, with the highest skill sets, regardless of their formal education or background.”
And while diversity enhances the quality of the cybersecurity services we offer, it also helps us reach a global audience. One of the key teams involved in this effort is our Marketing Department.
That department is headed by Meira Primes, our CMO. As both an immigrant and one of the three women on Cybersixgill’s Executive Team, she has a unique perspective on fostering an inclusive company culture. She also has varied international work experience, which has given her a particular appreciation of the value of bringing together diverse backgrounds, perspectives, ethnicities, and skill sets within a team.
“You want to get the best employees regardless of their background, and you want to bring together diverse expertise. At the end of the day, I’ll hire on talent – but I go out and look for diverse talent,” she states, adding that she views hiring as just one step towards inclusivity. “I have an open-door policy, and flattening the company hierarchy is an essential part of my role – both as a marketing professional and as a member of Cybersixgill's upper management. It’s no coincidence that in previous positions I’ve held in different companies, I’ve done almost every job on my current team. And today, I have the privilege of tapping into that experience to help each team member achieve their full potential.”
Moving forward all the time
Here’s the good news: If there’s one thing cybersecurity companies do well, it’s to innovate quickly. That’s largely because – let’s face it – we don’t really have a choice. The technologies out there are constantly progressing, and so are the threat actors. If a company doesn’t keep developing, it will quickly get left behind.
If all of us in the field of cybersecurity approach the challenge of increasing diversity and inclusivity with that same kind of goal-driven, fast-moving enthusiasm, we’ll all be better off for it, and so will our clients. Threat actors are diverse, and they share knowledge all the time – not just across organizations, but around the world. For a cybersecurity company to offer the best possible protection against those threat actors, and to reach clients on an international scale, it must develop the best possible team to achieve those goals.
Building diverse teams is an important step in the right direction, but it’s not enough. Given today’s challenges, cybersecurity companies need to leverage diversity effectively – and that requires all of us to work together to build (and keep building) a culture of inclusivity.