Embracing diversity and inclusion has become a major
initiative for all verticals, but it has never been a higher priority for the
cybersecurity industry. There is already a massive cybersecurity
skills gap, and it’s only going to grow wider. It’s more important than
ever to have a new mindset when identifying the best candidates to fill open
positions—even independent of direct experience. Businesses should reassess how
they recruit, how they train new employees, and how they communicate across all
levels of the organization to stay competitive.

Building a Culture of Diversity Takes Time and Commitment

Cybersecurity is an industry traditionally dominated by
white males—demographics that stem from college admission rates and wealth
disparity. Women and minorities entering the industry simply may not have the
same college, military, or work experience pedigree that many of their male colleagues
have, which leads decision-makers to overlook talented candidates in favor of
those who appear to have a more impressive resume. In some hiring situations,
undue pressure can also be placed on those who do get opportunities. In
these situations, increased scrutiny is placed on employees from diverse
backgrounds, and their failures are held under a microscope. This can create a fear
of failure and often leads people to hold back new ideas that could have achieved
better results.

Fostering an inclusive environment built on teaching,
collaboration, and experimentation helps eliminate the fear of unfair
repercussions, and this can take time. Cybersecurity is complicated, and while
“experience” has a high value on a resume, more diverse thinking can often come
from those without directly related experience. Organizations can bridge a lack
of direct experience with robust training and onboarding programs, enabling them
to bring on highly talented people who perhaps lack a specific background. Cybersecurity
organizations unwilling or unable to onboard less experienced candidates risk missing
out on potential industry innovators who will move on to another organization
more receptive to their ideas.

This shift in approach is most successful when there is
support from the top down, including the ability to identify crucial skill sets
during the hiring process, a training budget to close
skill gaps, and additional onboarding time to get individuals up to
speed. For example, allowing new hires longer periods of time to shadow current
employees can prove highly valuable for both the new employee and the hiring
manager.

In this vein, it’s critical to identify the organization’s best
trainers and role models vs. their best athletes. Michael Jordan was a great
basketball player, but that doesn’t necessarily mean he would have made a great
coach. Likewise, cybersecurity experts aren’t necessarily the best trainers. Do
they have the right level of patience or ability to communicate? Can they break
down and relay information in a way that lets other people replicate it? Having
the right training programs and the right trainers are both critical to getting high-propensity
employees up to speed and optimizing their success.

It’s Time to Change “The Way We’ve Always Done Things”

Organizations can be hesitant to make such significant changes.
This resistance isn’t necessarily the result of stubbornness—often, it’s driven
by years of experience, expertise, and success. People fall into habits and
routines, and just about everyone has heard the phrase, “that’s how we have always
done things around here.” Organizations can be slow to update how they operate—especially
today, when even the most dedicated early adopters find themselves challenged
with keeping up with the rapid pace of technological change. It can be
frustrating to have an idea brushed off in favor of a less efficient one just
because others once considered it cutting edge. It isn’t easy for an
engineer who has done things a certain way for years to change ingrained habits,
but change is often necessary to stay relevant and drive innovation.

Accepting this need to change is where the cybersecurity industry
has the greatest opportunity to embrace diverse voices. When one has been doing
something for a long time, muscle memory takes over. One knows what to do, so one
does it—and it works. But just because something works doesn’t mean it can’t be
improved. Realizing that different approaches can yield better results—and opening
the lines of communication—can often spur new and differentiated solutions.
After all, if everyone had clung to the idea that horses work just fine, society
would never have invented the car.

Ideas Can Come from Anywhere—So Make Everyone Feel Valued

Younger generations have quickly come around to this way of
thinking. Most grew up learning more inclusively than previous generations. And
while some mock the “everybody deserves a medal” mentality, many business
leaders have adopted a similar mindset where everyone has a voice. By opening
their doors and encouraging more open communication across all levels of the
organization, they have allowed employees to voice new ideas that they may not otherwise
have heard. This openness has allowed collaboration and cooperation not just
within working groups, but across departments and throughout the leadership
structure.

If organizations want to encourage diversity and inclusion
and enjoy the many advantages that come with bringing valuable new perspectives
to the table, embracing collaboration, communication, and effective training is
critical. Businesses today understand that good ideas can come from anywhere. Ensuring
that employees from a wide range of backgrounds, experience levels, and points
of view get listened to is an essential part of bringing cybersecurity
innovations to light.

Finally, encouraging voices from all backgrounds and experience levels helps generate buy-in to new ideas. Knowing that ideas are welcome and encouraged breeds faith in the organization overall. By going a step further and demonstrating a commitment to investing in employees with on-the-job training, organizations can help close the cybersecurity skills gap by attracting and retaining diverse new talent capable of providing the game-changing solutions the future demands.

By Carolyn Crandall, Chief Deception Officer, Attivo Networks