There has been much discussion and rightful concern expressed over the years about how technology fields broadly, and the cybersecurity industry in particular, are lagging when it comes to workforce diversity. Too often, though, we look at this shortcoming as a problem that the private sector alone must rectify. The reality is addressing workforce diversity is too large of a challenge for it to fall on any one group or sector. Instead, the public sector, private sector and non-profit industry associations should work together to make the type of collective impact that is needed to turn so many people’s good intentions into action.
Here are some ways that each of these groups can contribute in this important movement to expand opportunity and inclusion in cybersecurity and related fields:
Job postings for cybersecurity roles often are heavy on technical skills and express the need for candidates to come from academic backgrounds in traditionally male-dominated areas such as computer science. This is a recipe for attracting more of the disproportionately white, male practitioners to the field and maintaining the status quo. Security and HR teams must instead be open-minded about different backgrounds and skill sets that could be transferrable to security roles and then, as necessary, provide on-the-job training and skills development to help a wider pool of technology-minded professionals succeed.
Equally important to being more proactive about bringing in underrepresented populations is how these professionals are treated once they have been hired. It is only by creating a culture of inclusiveness and empowerment — in which all members on the team, irrespective of gender, race or other demographic categories are valued, listened to and given opportunities to advance their careers — that retention will improve over the long-haul. If organizational leaders are intentional about providing leadership pathways and opportunities for diverse members of their team, there is hope for real progress.