Over
40 percent of personnel on the Akamai InfoSec team are women. That’s in an
industry where, depending on who you ask and how you measure, somewhere between
10percent and 15percent of entry-level
positions are filled by women.And
while I’d like to say that my team has always been this balanced in
representation, it hasn’t.Two
years ago, only 28 percent of our team members were women, and we’d started to
notice, mostly via anecdata (the plural of anecdote, used by management to
justify a decision, and is often abbreviated to “data”), that our hiring wasn’t
as gender-balanced as we felt it could be. Hiring isn’t the only area that
needs management attention, of course; fostering a healthy, productive, and
inclusive environment is also essential. But looking at how people come into
your organization is critical.
As a
piece of evidence for us, MIT was graduating women at a greater rate than we
were hiring women, so it couldn’t just
be an absence of a candidate pool. So we started to think about exploring
different ways of operating. The first, and always, step: challenge hiring
managers. They’re our front line, and own most of the day-to-day actions.I
asked my team to work on it, starting with a single question to guide them:
"What does your hiring pipeline look like?" It’s not that I assumed
that was the only issue, but it would let us question our recruiting process
end-to-end. That was a harder question to answer than you might suppose, but
most managers tackled it -- tracking demographics with our Talent Acquisition
team across the hiring process, through screening and into interviews. A short
answer was simple: we weren’t getting enough balance in our resumes.We
tried several things. I’m reluctant to call them experiments, because we had
neither a rigorous process, control group, nor an Independent Review Board to
oversee us. Almost all of them appeared to be successful. Our goal was to hire
great people who would both fit into and help improve Akamai and InfoSec
culture, while also driving our vision: to
be a helpful and sustainable guide into a safer destiny -- for Akamai, our
customers, and the Internet community. My hope was to hire those great
people, and have a demographic more reflective of the wider population.We challenged our recruiter partners
to source us resumes from a wider population. That isn’t as easy for them as it
seems; in many ways, recruiters have to passively accept the candidates that
apply. So our task became more subtle: how do we get a wider variety of people
to apply? Better marketing seemed like
an answer, and our core marketing artifact was the job description.Improving the job descriptions was both easier, and harder,
than you might expect. One step was to reduce the number of required
qualifications on positions; there is an increasing belief that unnecessary
qualifications correlate with fewer women applying for a position. Some of
those requirements, regrettably, you can’t easily just eliminate (for instance,
degree requirements), because those are tied to criteria for visa eligibility
for certain job families. But the language in the job descriptions can also be
challenging, so some of our managers experimented with looking for subtle,
gender-coded language to alter.But
those are passive steps. We wanted to be more active. One step was to open up
our pipeline into new environments. We could take advantage of the Akamai Technical Academy (ATA) program, which generally produces
a more women/minority/veteran population of candidates. I committed to our
Talent Acquisition team, that for any ATA class that graduated people where I
had staff, we’d hire at least one person.Another
area we pivoted was to look outside the
security industry. A challenge that many security teams have is that when
they’re small, they have to hire people who can do anything and everything.
For a three or five-person team, that makes sense -- you absolutely need an
architect who can engage deeply about distributed systems design with principal
engineers, then pivot to program manage across multiple engineering leaders a
safety initiative, and then walk into a customer executive meeting, and manage
a team on the side. But as a team grows, that breadth and depth isn’t necessary
across the board (although it might be a career aspiration). What was
interesting to realize is that often the needed depth in a position isn’t in a traditional “security” skill.InfoSec
has positions that look more like “librarian” or “journalist”. Rather than
hiring deep security experts, and trying to teach them those skills, we’ve
hired actual librarians and journalists. Those are shrinking career fields, so
there are skilled professionals available.
Targeting those folks, directly and indirectly, has given us access to
new populations.I’ve written here mostly about the hiring pipeline, but please don’t think that’s the only area to work on! Building an inclusive culture to improve retention, developing your existing staff, and having a flexible and accommodating environment are all important areas to pay attention to.But we’ve made it past 40 percent, which means we’re within striking distance of the basic human demographic for gender. And that’s great progress.By Andy Ellis, Chief Security Officer, Akamai
There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]
It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
