Embracing diversity and inclusion has become a major initiative for all verticals, but it has never been a higher priority for the cybersecurity industry. There is already a massive cybersecurity skills gap, and it’s only going to grow wider. It’s more important than ever to have a new mindset when identifying the best candidates to fill open positions—even independent of direct experience. Businesses should reassess how they recruit, how they train new employees, and how they communicate across all levels of the organization to stay competitive.
Building a Culture of Diversity Takes Time and Commitment
Cybersecurity is an industry traditionally dominated by white males—demographics that stem from college admission rates and wealth disparity. Women and minorities entering the industry simply may not have the same college, military, or work experience pedigree that many of their male colleagues have, which leads decision-makers to overlook talented candidates in favor of those who appear to have a more impressive resume. In some hiring situations, undue pressure can also be found on those who do get opportunities. In these situations, increased scrutiny is placed on employees from diverse backgrounds and their failures held under a microscope. This can create a fear of failure and often the holding back of new ideas that could have achieved better results.
Fostering an inclusive environment built on teaching, collaboration, and experimentation helps eliminate the fear of unfair repercussions, and this can take time. Cybersecurity is complicated, and while “experience” has a high value on a resume, more diverse thinking can often come from those without directly related experience. Organizations can bridge a lack of direct experience with robust training and onboarding programs, enabling them to bring on highly talented people who perhaps lack a specific background. Cybersecurity organizations unwilling or unable to onboard less experienced candidates risk missing out on potential industry innovators who will move on to another organization more receptive to their ideas.
This shift in approach is most successful when there is support from the top down and includes the ability to identify crucial skillsets during the hiring process, be provided with a training budget to close skillgaps, and be given additional onboarding time to get individuals up to speed. For example, allowing new hires longer periods of time to shadow current employees can prove highly valuable for both the new employee and the hiring manager.
In this vein, it’s critical to identify the organization’s best trainers and role models vs. their best athletes. Michael Jordan was a great basketball player, but that doesn’t necessarily mean he would have made a great coach. Likewise, cybersecurity experts aren’t necessarily the best trainers. Do they have the right level of patience or ability to communicate? Can they break down and relay information in a way that lets other people replicate it? Having the right training programs and trainers are both critical aspects of getting high-propensity employees up to speed and in optimizing their success.
It’s Time to Change “The Way We’ve Always Done Things”
Organizations can be hesitant to make such significant changes. This resistance isn’t necessarily the result of stubbornness—often, it’s driven by years of experience, expertise, and success. People fall into habits and routines, and just about everyone has heard the phrase, “that’s how we have always done things around here.” Organizations can be slow to update how they operate—especially today, when even the most dedicated early adopters find themselves challenged with keeping up with the rapid pace of technological change. It can be frustrating to have an idea brushed off in favor of a less efficient one just because others once considered it as cutting edge. It isn’t easy for an engineer who has done things a certain way for years to change ingrained habits, but change is often necessary to stay relevant and drive innovation.
Accepting this need to change is where the cybersecurity industry has the greatest opportunity to embrace diverse voices. When one has been doing something for a long time, muscle memory takes over. One knows what to do, so one does it—and it works. But just because something works doesn’t mean it can’t be improved. Realizing that different approaches can yield better results—and opening the lines of communication—can often spur new and differentiated solutions. After all, if everyone had clung to the idea that horses work just fine, society would never have invented the car.
Ideas Can Come from Anywhere—So Make Everyone Feel Valued
Younger generations have quickly come around to this way of thinking. Most grew up learning more inclusively than previous generations. And while some mock the “everybody deserves a medal” mentality, many business leaders have adopted a similar mindset where everyone has a voice. By opening their doors and encouraging more open communication across all levels of the organization, they have allowed employees to voice new ideas that they may not otherwise have heard. This openness has allowed collaboration and cooperation not just within working groups, but across departments and throughout the leadership structure.
If organizations want to encourage diversity and inclusion and enjoy the many advantages that come with bringing valuable new perspectives to the table, embracing collaboration, communication, and effective training are critical. Businesses today understand that good ideas can come from anywhere. Ensuring that employees from a wide range of backgrounds, experience levels, and points of view get listened to is an essential part of bringing cybersecurity innovations to light.
Finally, encouraging voices from all backgrounds and experience levels helps generate buy-in to new ideas. Knowing that ideas are welcome and encouraged breeds faith in the organization overall. By going a step further and demonstrating a commitment to investing in employees with on-the-job training, organizations can help close the cybersecurity skills gap by attracting and retaining diverse new talent capable of providing the game-changing solutions the future demands.
By Carolyn Crandall, Chief Deception Officer, Attivo Networks