(ISC)² published a research study that highlights the unique challenges diverse cybersecurity professionals around the world face and provides recommendations to create positive change.
The research provides rare access to the personal experiences of minority cybersecurity practitioners, providing a lens with which to view the concepts of equity and inclusion in today’s workplaces.
The focus group research included diverse professionals from nine countries across the globe and asked how Diversity, Equity and Inclusion (DEI) is defined in different regions, why creating DEI programs that work is so difficult, the types of work-related challenges diverse professionals face, and what strategies they believe are successful when building diverse cultures. The study outlines eight recommendations for improving DEI in cybersecurity teams, from implementing cultural sensitivity training to documenting clear advancement practices.
“The most effective way to build awareness of the need for DEI is to help convey the real experiences of diverse professionals to all of their peers. Instead of focusing on statistics and demographics, we listened to the concerns raised and challenges faced by these individuals and are doing our best to amplify their voices,” said Clar Rosso, CEO, (ISC)².
“What we found is that many issues are universal to the experiences of diverse professionals no matter where they live and work. That tells us that the strategies and solutions to improve organizational practices also have a lot in common, including overcoming unconscious bias, providing pathways for advancement, hiring diverse leaders and championing equitable pay structures.”
Respondents’ firsthand accounts and advice on improving DEI in cybersecurity
“The diversity of thought is a global crisis. I mean, it needs to be in the cybersecurity workforce or else nothing’s going to be secure in this world.”
“My organization has made DEI training mandatory and not voluntary like it used to be. They have also hired several women for key leadership positions. I’ve witnessed a change in the past year with more people sharing their ideas and collaborating, rather than everyone trying to protect their territory.”
“I’ve been in meetings where people have used my words. They’ve used my strategies. They have taken my work, and they presented it as their own. They get credit for my talent. It would burn me so bad but, yet, I didn’t really have anyone to lean on.”
“As the only woman in my team, I always had a hard time finding a mentor I could relate to or who gave honest advice. I often felt lonely and had to learn a lot of things through trial and error.”
“It’s easy to start an initiative when the global temperature on diversity is so high. However, DEI initiatives typically don’t get fast results. They are a slow, tedious process that requires ongoing commitment and dedication from the whole organization, along with designated performance metrics that help to track success and keep stakeholders’ motivation up.”
“In the public sector in the U.S., there has been a lot of focus on getting more women, getting more minorities and getting everyone to share their story. Hiring diverse professionals, with less solid skill sets and putting together work teams with an experienced leader that helps everyone get to a similar level of skill set. Having diverse teams to promote different ideas and perspectives, not only their cybersecurity-related skills.”
“We see a lot of diverse professionals in entry-level positions. But they don’t stay long enough to advance into higher positions. Exit surveys report they leave because the culture doesn’t support them. They feel lost.”
“We need more Black women and Latinas in cybersecurity, speaking, showcasing their talent, being the trailblazers and paving the path for others knowing that these cybersecurity careers exist, and that it’s personal.”
“Cybersecurity today should be a topic as important as fire safety or health education. We need to start building awareness earlier on so children start embracing it from a young age, dreaming about becoming a cybersecurity officer just as they dream of becoming a fireman or a doctor.”