Enterprises consistently rank cybersecurity as a top priority, yet most cybersecurity teams feel they lack the resources or staff to effectively protect company data. In 2022, the cybersecurity workforce faced a gap of nearly 3.4 million people globally, according to an (ISC)2 study.
One solution to the cybersecurity skills shortage is to diversify the hiring pool, which remains mostly white and mostly male. A 2021 Aspen Institute survey on diversity, equity, and inclusion (DEI) in cybersecurity found that 4% of the cybersecurity workforce identify as Hispanic, 13% identify as Black, and 21% identify as women.
Despite industrywide efforts to make tech a more equitable and inclusive field, these numbers illustrate how homogenous the industry remains.
Breaking Down Barriers in Cybersecurity Hiring Practices
A major issue lies in a company’s hiring practices, said Marcy Klipfel, chief engagement officer at Businessolver, a provider of employee benefits management technology.
DEI programs and affinity groups might aid in positive retention, but companies often struggle to find diverse candidates in the first place. If hiring managers are focused on replacing a former employee without considering the value of different skillsets, backgrounds, or work experiences, they are likely going to land on a white male hire. “Within cybersecurity, there's a couple of things going on: You already have women leaving the workforce at an alarming rate because women working in cybersecurity are under dual stress, the first being that they are working within a field that is incredibly stressful, and the second stressor being that they are a minority within their field,” Klipfel said.
Tech has the advantage of remote work, allowing hiring managers to find employees from diverse geographic locations. Additionally, remote work allows employees the flexibility to work from anywhere, removing the barrier of a commute, and, in some cases, rigid working hours.
Empowering Underrepresented Groups Through Mentorship and Training
Both long-term and short-term investments are needed if companies are serious about creating diverse, equitable, and inclusive workforces. The long-term investments include supporting organizations that empower people of color, queer people, and women, such as Black Girls Code, Code 2040, Dev Color, and Maven Youth. The goal is to create a more inclusive tech industry where individuals from underrepresented groups can see themselves reflected in the company culture.
Klipfel suggested that if an organization is unable to find a diverse candidate for a position, they should consider investing in and mentoring an employee from within who has an equivalent skillset, but not necessarily the standard experience.
Mentorship and intentional training can result in less homogenous viewpoints within a workforce, which becomes especially important within cybersecurity, a field rooted in responding to rapidly evolving risks. “Hackers only get smarter and trickier and trickier,” Klipfel said. “We have to have people who can come to the table and have that different type of thinking, to be able to be creative and strategic about where there might be blind spots or things we're not thinking of to keep us safe and keep our risks very, very low.”
Living by Company Values
Empathy is integral to cultivating equitable workforces. “You have to continually seek feedback from your employees. You have to ask: Can they relate to their manager? Does their manager bring empathy to the table?” Klipfel said. “In return, employees should be asking: 'Am I in an inclusive environment? Do I feel respected?' ”
A company’s culture is shaped by each employee. Company leadership, however, holds a lot of power when it comes to whether the company will act according to its cultural values. “Everybody has to own it when it comes to an inclusive culture,” Klipfel said. “That's why [Businessolver has] people sign a pledge when they come in. They pledge that they are going to live by our values, specifically around being empathetic and creating an inclusive environment, because you have to put that importance on each and every person who represents our brand. Otherwise, it's just talk.”