Linking the dots on diversity in cybersecurity hiring - TechCrunch

Linking the dots on diversity in cybersecurity hiring TechCrunch

Critical thinking and problem solving are considered essential features for the cybersecurity professional - so it's time for our business to apply those capabilities to connect the dots between skills shortages and lack of diversity.

There is no question that hiring talent in sufficient numbers right now is a growing challenge - but I think a more inclusive talent pipeline would help reduce .

In their 2021 Cybersecurity Employee Survey, industry group (ISC)2 found that 2.7 million information security jobs remain unfilled worldwide. While this number is down from 3.1 million in 2020, we are far from where we need to be. Despite increased digitization and an increase in attacks, the current cybersecurity workforce of 4.2 million people worldwide needs to grow 65% to keep up with the demand for its skills.

In other words, we need to draw from a wider talent pool to fill the gaps. But as researchers from Washington, a DC - based think tank the Aspen Institute points out in the report Diversity, Equality and Inclusion in Cybersecurity, have so far “diversity efforts have failed to address the whiteness and whiteness of the cybersecurity realm. Estimates suggest that only 4% of U.S. cybersecurity employees identify themselves as Hispanic, 9% as black and 24% as women, the report noted.

It is clear that our business faces significant risks in the future if it does not find ways to recruit new talent to fill the growing number of vacancies. But more than that, the current lack of diversity stands more immediate threats as company systems are not homogeneous, and do not attack.

The Business Value authors of Infosec Multiple Team from Cybersecurity Consideration Institute for Critical Infrastructure Technology make this point strongly: “Homogeneous experiences and perspectives lead to less success compared to problem solving with teams with mixed backgrounds. ”

Proactive cybersecurity strategies, on the other hand, gather a lot of insights, which will benefit from innovation, problem-solving and consensus building.


    Moving the statement

    As the chief information security officer (CISO) of the search engine energy solutions company Elastic, I believe that individual information security leaders can do much to move the statement, at least within their organizations . What this brings is a huge dose of new thinking when it comes to hiring.

    The cybersecurity team I lead as a female LGBTQIA + CISO is made up of people who represent the realm of human nature when it comes to neurodiversity, sexual orientation, gender identity, race and age . The picture is just as different when it comes to background, educational path and business experience.

    But let me be clear: Cybersecurity talent pipeline multiplication is not just a numbers game. I don’t just focus on boarding in numbers enough to run a fully staffed team. It is also about improving the quality of that team and the work that we do.

    Simply put, a cybersecurity team is more diverse than a better cybersecurity team. In such a multidisciplinary field, different perspectives are essential. As threats and tactics change around us every day, the diverse perspectives on my team help counteract complacency by bringing new thinking to situations. Our enemies, after all, are constantly experimenting with new tactics, finding new ways to control over-control and identify vulnerabilities. My team's differing views have further confused our "hackers' thinking" approach to our countermeasures.

    The over-reliance of our industry on experts with the “right” qualifications and educational backgrounds may be a weakness - a view that was confirmed to me by David Epstein's 2019 book, “Range: Why Generalists Triumph in a Specialized World. ” Epstein argues that generalists with broad interests are more creative, flexible and able to make connections that their peers do not see as more specialized, especially in complex and invisible areas - a description that is good appropriate for cybersecurity.

    The value of diverse thinking within my current team is reflected in the ongoing data protection verification process we perform for customers. For this key compliance process, diversity is our strength, as our team can quickly overcome “how things have always been done” and find better, more efficient and - critically - effective ways. to meet changing compliance goals.

    READ  How to be one of the things that SaaS - TechCrunch

    Another example is where I have seen a clear benefit of diverse thinking from my team's approach to supporting our fully deployed staff. Being a distributed design company, with almost 80% of our employees working remotely, requires my team to think differently when it comes to privacy and data protection. Our sustained innovation in supporting remote remote operation meant we were already ready in this area when the pandemic struck, while companies had cybersecurity teams still others are struggling to make the leap.

    Taking action

    The most important thing, of course, is to change words into action. For me, it helps that I work for an organization that prioritises inclusion and acceptance for all employees in its Source Code.

    This gives managers and employees a clear set of who we are as an organization and who we want to be, telling employees: “Just come as you are. “By creating an inclusive environment for all employees, through a commitment to equal pay, an emphasis on in-house employment and prioritizing skills across the board, we can harness the talent best to hire and retain wherever they live.

    This year, our company 's ambitious DEI targets include a 40% employment rate target for women or non - women, with a 30% employment rate target for technical positions - globally. And for under-represented groups, our US employment rate target is 35%, with 27% for technical posts.

    With that support, I have personally taken positive steps to ensure that Elastic maximizes diversity in its cybersecurity talent pipeline. So here are my recommendations for other information security leaders:

    • Expand the range of qualifications. Look beyond traditional education and minimum career knowledge to see skills, qualifications, experiences and abilities gained from shorter programs, online qualifications, other jobs and participation in cybersecurity communities that support a well-established core understanding of systems and their vulnerabilities.
      Some of the most successful teams I have built over the years have come not only from various IT backgrounds, such as systems architecture, business auditing and project management but from completely outside IT control. For example, I hired a former emergency medical technician who moved into a health care fraud audit before joining my team. Former lawyers have paid close attention to detail. People with a marketing background have been able to handle the challenges of consumer data privacy with compassion, and those from the financial sector will bring new thinking to compliance issues.
      But what they all have in common, and what has really contributed to my infosec teams, is their curiosity, willingness to question, and the joy of learning and trying new things. The moving experiences are just as important, if not more importantly, the special skills.
    • Encourage under-represented groups. Add language that clearly expresses your interest in groups that leave out of employment pools, such as women, people of color and members of the LGBTQIA + community. Job descriptions should make clear that the company fosters a welcoming environment for all and encourages the personal and professional development of its cybersecurity talent.
      For example, I have hired a recent intern intern program that does not have the usual security credentials. Most of these employers quickly moved into full-time positions and outperformed cybersecurity veterans. I have also taken steps to work more closely with local community colleges to find graduates and with recruitment experts who aim to provide more diverse candidates for cybersecurity roles, such as CyberSN.
    • Make your recruitment process accessible. Many applicants are discouraged if the recruitment process has not changed for people with accessibility needs. We have worked to ensure that everything from our hiring site to our in-house digital premises and equipment follows international guidelines and translates into an advanced environment for all applicants and employee.
      Hiring anonymously is an important part of this process. I frequently review with the removed identification information to ensure that uninformed bias does not play any role when judging job candidates.

    Cybersecurity teams need people with diverse life experiences, education and skills, so our recruitment efforts need to reach a much wider audience. If they do not, there is a danger that we will overlook talent and exclude ideas that may be instrumental in delivering our mission as a business. If we allow that to happen and continue instead of competing for the increasingly scarce talent that responds well to age trends, we will be to blame.

    Related Posts

    Deja una respuesta

    Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *


    We use cookies to ensure that we give the best user experience on our website. If you continue to use this site we will assume that you agree. More information