Why Cybersecurity Depends on Diversity & Inclusion

It’s as serendipitous as it seems designed that there are two important worldwide recognitions in the same month: Global Diversity and Cybersecurity Awareness, both of which are recognized in October. The intersection of diversity & inclusion and cybersecurity is a powerful reminder that diversity fuels innovation. The more varied the experiences and thinking of its people, the better the outcomes.

We know instinctively that diversity and inclusion (D&I) matters. It offers advantageous returns by boosting innovation, creating a happier employee culture and offering financial rewards. Diverse companies are more likely to have higher profitability. Likewise, gender-diverse organizations are 45% more likely to improve market share and achieve 53% higher returns. Among ethnically and racially diverse cybersecurity professionals who also identify as “people of color,” optimism is strong and job satisfaction is high, despite the unique obstacles they face.

Most executives will say that there’s no greater asset than a diverse workforce, especially when it reflects their customers. Cybersecurity draws from a diverse set of people from different fields, industries, geographies and ethnicities. As I look at the security business, it’s clear our team comes from all walks of life and corners of the globe. It’s our diversity that keeps us connected to our customers’ needs

While there has been progress, a lack of diversity industry-wide persists. And it’s not good for anyone. There are people who eagerly want to join the cybersecurity industry but have not found their way in–those with relevant education and experience but whose talents are undervalued. And the industry at large can be a change agent. The cybersecurity industry depends on diverse talent and their unique approach to problems.

Multifarity among Malicious Thinkers

Cybercriminals are our biggest competition. They are organized, motivated, sophisticated, shrewd, well-funded and resourceful. They have an extensive array of skills. And while they may have a one-track mind, attackers are often part of a complex and diverse web of accomplished hackers. Lone rangers they are not. In fact, in an assessment of last year’s SolarWinds attack, at least 1000 engineers were involved in creating the attack. That’s a lot of aligned malicious minds.

Our best chance in defending against cyberterrorists depends on how well we understand their psychology and behaviors. Attackers come from all backgrounds and work in a borderless environment. So, it behooves our team to be as diverse to drive creative thinking and innovation and combat their hostile efforts. A cybersecurity team embodying individuals with varying experiences offers a fresh outlook and perspective. And our collective differences make us smarter, by fusing our cumulative knowledge when tackling security challenges.

The diversity of our team better positions us to think like the attackers. It can improve how we consider how attackers look at their opportunity, and how we contemplate their various assumptions. It can give us a clearer ability to envision approaches attackers are utilizing, while also predicting their behavior patterns. Diversity is powerful in how it helps us develop solutions to adequately defend against attacks.

Value in the (Un)like-Minded

Part of a diverse team’s composition is their educational and experiential paths into cybersecurity. Not all cybersecurity professionals’ routes into the field are the same. Some take a road less travelled. In fact, 30% of all cybersecurity roles are filled by people with non-technical backgrounds. And there’s a cybersecurity workforce gap of 3.5 million global IT jobs unfilled, meaning the workforce needs to grow by 145% to help close that gap. That’s a lot of non-technical jobs.

Embracing talent beyond traditional cybersecurity-related experiences and education helps diversify the talent pool. It mixes things up and brings together unlike-minded cyber-sages who can add immense value. Loosening the antiquated criteria and requirements will allow teams to identify quality team members—included those who otherwise would be overlooked.  Click on Page 2 to continue reading…