Diversity Matters – The Case for Inclusivity in Cybersecurity
“There is a logical fallacy that people who look different, think different. No- it’s just that people who are different, are different, and we need that.”- Jeff Labonski, Software Engineer.
‘Minority’ is a tricky term. “It is certainly not only about gender and colour anymore,” says Aric K. Perminter, President of the International Consortium of Minority Cybersecurity Professionals (ICMCP).
Taken literally, the term ‘minority’ lacks inherent value – it simply means a number of people representing less than half of a group. But in the context of cybersecurity’s workforce, levelling the representation of minority professionals means valuing inclusivity and innovation – nouns that are synonym with everyone, regardless of age, race, gender identity, physical ability, sexual orientation, neurodiversity, religion, socioeconomic status, or professional background.
“Having said that,” Aric continues, “many people trying to get into the cybersecurity industry are judged by their cover.”
To face the industry’s rapidly changing landscape, cybersecurity workers need the dynamism and creativity that blossom from cultural and intellectual diversity. “Recent reports confirm that companies in the top quartile for racial and ethnic diversity are 35% more likely to have financial returns above their respective national industry medians,” says Aric. “Yet, I can’t tell you how often we’re in meetings, boardrooms, summits… and notice we’re the only minority professionals in the room,” he confides.
“McKinsey & Company reports in the U.S. also show that there is a linear relationship between racial and ethnic diversity and better financial performance,” Aric continues: “For every 10% increase in racial and ethnic diversity on senior-executive teams, earnings before interest and taxes (EBIT) rise 0.8%. In the UK, greater gender diversity on senior-executive teams corresponded to the highest performance uplift of their data set: for every 10% increase in gender diversity, EBIT rose by 3.5%.”
Despite diversity’s business value, a 2018 (ISC)2 Multicultural Cybersecurity Workforce report found that ethnic minorities represent 26% of the cybersecurity workforce and that employment amongst them tends to be concentrated in non-management positions and few leadership roles, in spite of their high qualifications. 32% of the 9,500 U.S. cybersecurity professionals surveyed report having experienced discrimination in the workplace.
Cybersecurity is a diverse industry with a broad variety of roles, which range from pen testing to threat intelligence, to security operations to risk analytics, to policy making, to communicating risks to the board, to educating internal staff and the public about security practices. “Many of these positions do not require a 4-year degree,” says Aric, “but unfortunately, hiring managers are too often looking for folks who are just like them and have the same type of background and degrees… even when this is done subconsciously, the fact is that it is keeping minority candidates out of the door,” explains Aric, who suggests that ICMCP’s support needs to be matched by a celebration of diversity as a tool for empowerment across the industry and by more flexibility to enable professionals from other sectors to migrate into cybersecurity.
Despite an increasing number of unfilled cybersecurity roles, minorities still face difficulties entering the industry. So ICMCP designs programs that aim to foster actionable and measurable ways to increase the recruitment, retention, and development of minority professionals in cybersecurity – one person at a time.
Diversity is a basic characteristic of human society and what makes the world interesting, dynamic, rich, and worth exploring. Shouldn’t this also be true in the workplace?
The problems with cybersecurity’s gaps are clear and many people are taking steps to address them through inclusivity. After all, a monoculture won’t be able to solve our problems or get a proper shakeup. Perhaps it’s time we start getting more success stories out there, suggests Aric. And we’ll start with his:
When I started working in technology, I was forced -and fortunate- to be around people who were more focused on success than on the colour of my skin. I made a point from then on to continue surrounding myself around those types of individuals. It wasn’t just the work I was doing that was making me feel included, it was the support force from people all around me – non-minorities as well. The circles we travel within are the guides and mentors of our careers. Like the African proverb that says ‘it takes a village to raise a child’, I’ve had the pleasure of having a very nice village supporting me to rise in my career path. – Aric Perminter, Chairman of the Board of Directors at Lynx Technology Partners & President of ICMCP.
A few weeks ago, SeQure World Magazine asked cybersecurity professionals on LinkedIn to nominate minority peers whose achievements they would like to celebrate, resulting in the list below. May their success stories serve as reference when thinking about the value of diversity in the workforce. May we associate inclusivity with admiration and appreciation. Because the names below are living proof that inclusivity is not only possible but should be a goal.
Alissa Abdullah, Vice President and CISO at Xerox.
Angela Davis Dogan, Director of Vendor Risk and Compliance Services at Lynx Technology Partners.
Aparna Rayasam, Vice President of Engineering, Cloud Security at Akamai Technologies.
Aric Perminter, Chairman & Founder of Lynx Technology Partners and President of the International Consortium of Cybersecurity Minority professionals.
Bilal Green, Senior SOC Engineer at Verisk Analytics.
Charles Nwatu, Corporate Security Engineering Manager at Netflix.
Christine Izuakor, Senior Manager, Global Security Strategy & Awareness at United Airlines.
Devon Bryan, Executive Vice President and CISO at the Federal Reserve System.
Georgia Weidman, Founder & CEO, Pen-Tester & Security Researcher at Shevirah and Bulb Security.
Gary Eppinger, CISO at Carnival Corporation.
Haiyan Song, SVP and GM of Security Markets at Splunk.
Katoria Henry, Information Systems Security Officer at the United States Postal Services.
Kavya Pearlman, Information Security Director at Linden Lab.
Keirsten Brager, Lead Security Engineer at Entergy & Author.
Larry Whiteside Jr., Chief Security Risk Officer at Greenway Health.
Linda Bell, Information Security Engineer at IBM.
Michael A. Echols, CEO & Founder at MAX Cybersecurity.
Michael Palmer, CISO at National Football League (NFL).
Mona Lisa Pinkney, Senior Director of Cybersecurity Governance, Risk, Compliance & Engagement at Nike.
Nasrin Rezai, EVP, Global Chief Information Security & Product Security Officer at GE.
Nicole Darden Ford, Global Vice President, IT & CISO at Baxter International Inc.
Noureen Njoroge, Security Threat Intel Engineer at Cisco Systems.
Pamela Gupta, CEO & Founder of OutSecure.
Paul DeBone, Systems Engineer at Evolver.
Renee Forney, Senior Director of Cyber Assurance at Capital One.
Robert G. Duhart Jr., Director, Security ARchitecture at Cardinal Health.
Rodrigo Branco, Chief Security Researcher at Intel Corporation.
Stanley Lee, CEO & Cybersecurity Expert at Netswitch Technology Management.
Tanya Janca, Senior Cloud Advocate Specializing in Application Security at Microsoft.
Tomiko K. Evans, CEO and Cybersecurity Consultant at Aerial Footprint.
Written by Paula Magal for CS4CA USA – the annual Cyber Security for Critical Assets summit looking to bring an increasingly diverse community of cybersecurity pros to shape the industry’s landscape in 2019 and beyond. Join us in Houston this March 26th-27th! Contact email@example.com to get your complimentary pass.