The recent GDS Security Summit brought together more than 100 senior security leaders to discuss the challenges, opportunities and shifts happening in the current climate. Many themes came up throughout the three days including data compliance, cloud security and the human element. But one theme that really shone through was the need for diversity in the security industry.
Frost and Sullivan’s Center for Cyber Safety and Education’s recent report found that while minority representation within the cybersecurity field is slightly higher – at 26% – than the overall USA minority workforce at 21%, the study reveals that racial and ethnic minorities tend to hold non-managerial positions. It shares that this results in pay discrepancies, especially for minority women, which is a challenge. Furthermore, according to Cybersecurity Ventures, the global cybersecurity workforce – short some 3.5 million workers in 2021 – is only 25% women.
This is just a short snapshot of the state of diversity in the industry right now. So, what were some thoughts from our experts in the security field from the GDS Group summit?
When it comes to finding diverse talent, we really need to do our research on what other countries are doing to stay ahead of the game. During a panel discussion about the talent shortage, Michael Beaupre, the Head of Cyber Security at Hays explains, “we need to research salaries across industry in other countries to make ourselves competitive, because the experts go where the money is, the borders don’t matter to them.”
And maybe in your organisation’s quest to find more diverse talent, the boarders shouldn’t matter so much to you either. Especially as 57% of cybersecurity professionals themselves believe that diverse teams lead to more effective problem-solving, and they don’t necessarily have to have all the right experience either.
Experience seems to be the biggest piece of this puzzle. We need to change our mindsets on looking and waiting for this ‘perfect candidate’. Instead, we should be creating fuller teams that cover all skills and experiences needed to function fully. Nihal Newman, Director of Network Security at Ofcom shares during the panel, “I’ve learnt it’s so hard to find that one ‘single unicorn’ person who has all the skills I’m looking for. So, you can bring all the skills together across the entire team. In particular, the policy skills, the stakeholder engagement, because there’s so much influencing, communicating, and bringing those into the team. And collectively you then have that single unicorn.”
And Michael adds “we often constrain ourselves by experience requirements, certification requirements, language requirements, country requirements, industry requirements.”
“We’re killing ourselves like that. We need to look for talent in potential, and not just in skills and industrial experience.”
– Michael Beaupre, Hays
One of the more hidden diversities is neurodiversity. Nihal explains “it’s so important because there are so many neurodiversity’s, and people with certain skills that we’re not tapping into. Strength and skills around problem solving data analysis is often brilliant.” So, finding and tapping into those different ways of thinking is essential.
We must also create the right space, and the right culture for everyone and their diversities to thrive. Nihal explains, “having quiet spaces so people can focus is essential, as is developing the knowledge in our organisations and teaching people that there are new norms and ways of working now.” Yes, indeed we shouldn’t think historically that this is how we’ve always done it, and these are the stereotypical people we want to have in the organisation now evolve ourselves so that we’re bringing the talent in.
When it comes to culture and security as a whole – it plays a huge part in diversity. Nihal explains “we need to look outside of security being just an IT issue. Once you do that, you automatically start broadening opportunities for talent that you can bring into your organisation. Because when security is in the culture, you start looking at people with leadership skills, and other crucial business skills, people who understand the risks from all perspectives.”
Off the beaten track
There is a lot of untapped talent out there. Given that the global cybersecurity workforce was short 3.5 million workers in 2021, we need to go and find that talent. John Graham-Cumming, Chief Technology Officer at Cloudfare makes the great point around ensuring your teams have all walked different paths.
“It should be blindingly obvious that we should be striving to have diverse backgrounds. We often think about gender, sexual orientation, or race, but we should also be thinking about the path they’ve taken.”
– John Graham-Cumming, Cloudflare
The pathways people take are what make them unique, increase their problem solving and give different insights into how to world works.
John continues “cybersecurity is an ever-changing world, with ever changing adversaries and threats. And so, the only real way to cope with that is to be someone who has a high degree of curiosity and wants to learn and also is able to look at a problem from an interesting angle. And you only get that with you have a diverse team of people.”
So how do we find diverse talent?
John advises, “it’s about being open minded about who you’re looking for. And what that means is not looking for a specific experience or a specific skill set that you’ve done before because people can learn anything. Be open minded about the route to which someone’s taken.” Yes, you’re really going to have to go look for those people because they’re probably not going to present themselves and they are likely to rule themselves. John explains one way to get them to present themselves though, and that’s through rethinking job descriptions.
“It’s important how you write job descriptions and ads for jobs to make sure people don’t automatically exclude themselves. Because if you put in there a long list of must have’s that Ivy league degree, and x amount years of experience, then what happens is people will knock themselves out of the running very early, and especially people who are from a diverse background.”
Nihal also shares, “we work with organisation’s like the Cyber Security Council. They’re thinking about security in the broadest perspective. They’re thinking about general cybersecurity, they’re thinking about risk management, they’re thinking about governance.”
And some final, sage advice from Nihal. “I’ve experienced myself as a woman is when we look at a job spec, we think ‘Oh, there are ten things, but I can only do five.’ Please, for the women out there today listening to this, if you feel you can do five of the ten, look at your transferable skills, how you can leverage them and what you can bring to the role. Because that is what I did. That is how I recruited 40% of the women in my team. They are not from a cyber background, but they bring skills in the team that nobody else brings, and that helps us collectively as a team thinking about the problems that we’re trying to solve today.”
So why not join us in the conversation? To learn more, you can listen here to a conversation with a hacker.
Or join us at a GDS summit. They’re tailored, 3-day virtual event conferences that bring together business leaders and solution providers to accelerate sales cycles, industry conversations and outcomes. Regarding the security digital summits 83% of solution providers said the overall experience of the digital summit they attended was above average or excellent and 83% of solution providers said they would be interested in sponsoring future events.
For more, click here to hear from attendees on how GDS has helped them to achieve their business outcomes.
Continue the debate at GDS’ security digital summits where we bring together senior security executives who are actively seeking to share, learn, engage, and find the best solutions. Apply to attend.