Diversity in Cybersecurity: What It Means and Why You Need It

February 2023

In 2020, a reckoning emerged in the wake of several high-profile racial incidents. As the nation tried to emotionally process the ongoing acts of systemic racial injustice, the corporate world was motivated to redefine diversity measures. It became clear that current diversity, equity, and inclusion (DEI) efforts, however well-meaning, were not addressing overall representation in the technology sector. The industry is still remarkably homogeneous, both among technical positions and policy thinkers.

Cybersecurity is a field critical to protecting the safety and privacy of everything and everyone. Without a diverse and inclusive workforce, the industry risks creating solutions that only work for a specific subset of the population, or that fail to address the needs of others. A lack of diversity can also lead to biases in decision making, which can have serious consequences for individuals and organizations. It’s important to embrace the power of DEI to grow a resilient workforce.

What is DEI?

The terms diversity, equity, and inclusion (DEI) are often used together, but each has its own distinct meaning. Diversity is about representation: the presence of traits that are different from one another. Equity is ensuring that everyone has equal opportunities to succeed, regardless of their background or identity. Inclusion focuses on making sure everyone feels welcomed and able to participate in decision making, development opportunities and other activities. Collectively, the three ensure that everyone has the opportunity to make the most of their lives and talent.

Why Creating a DEI Program That Works Is So Difficult

“We should know that diversity makes for a rich tapestry, and we must understand that all the threads of the tapestry are equal in value, no matter what their color.” – Maya Angelou

In 2021, (ISC)² published a research study highlighting the unique challenges diverse cybersecurity professionals face worldwide. The study makes it clear that many issues are universal and that both the problems and the solutions have a lot in common.

Quotes from the professionals included in the survey:

  • “Women are often set up to a higher bar. They get evaluated based on their proven experience, whereas guys get selected based on their potential.”
  • “We see a lot of diverse professionals in entry-level positions. But they don’t stay long enough to advance into higher positions. Exit surveys report they leave because the culture doesn’t support them. They feel lost.”
  • “I’ve witnessed how unconscious bias is a huge factor impeding the consideration of diverse professionals for leadership positions.”

The tech industry has long struggled to develop DEI in a meaningful, impactful way, and this is evident in the minority demographics. According to the Aspen Digital Tech Policy report, only 9% of cybersecurity experts are Black, about 8% are Asian, and 4% are Hispanic. Additionally, only 24% of the cybersecurity workforce are women. That is less than 30% of the overall industry workforce, and sadly the needle on diverse representation has not moved much since the conception of this analysis.

One of the biggest reasons DEI efforts fail to launch is unconscious bias. “Unconscious bias” is an implied term, which makes it difficult to acknowledge, but if it is not addressed, establishing a meaningful DEI program is futile. It’s important for business leaders to recognize the need for genuine change and understanding of the positive impacts diversity can have on an organization.

Another reason DEI efforts fizzle is that programs are developed as a means to check a box. Authentic diversity is a journey, and DEI should be reflected in the company’s true values. Transformative change such as this takes time, and motivation can quickly dwindle if not given proper effort and resources. “It’s easy to start an initiative when the global temperature on diversity is so high. However, DEI initiatives typically don’t get fast results. They are a slow, tedious process that requires ongoing commitment and dedication from the whole organization, along with designated performance metrics that help to track success and keep stakeholders’ motivation up,” noted one participant from (ISC)²’s survey. In short, DEI can be difficult in practice for businesses not built to encourage patience.

Why is DEI Essential for the Cybersecurity Industry?

Cybersecurity remains one of the most critical challenges organizations face, yet roles go unfilled. In another study by (ISC)², the employment gap of more than 3.4 million cybersecurity positions continues to be unaddressed largely due to talent disparity. Many cybersecurity jobs require specialized knowledge and skills only obtained through higher education or expensive certifications. Because minorities are more likely to come from low-income households, expensive education is not an option, putting them at a disadvantage. The tech industry thrives on a diverse set of skills and talents. By attracting and retaining a more diverse demographic, the cybersecurity industry can address the skills gap and create a more robust workforce. 

The corporate advantage to expanding the diversity of cybersecurity team members is the opportunity to experience new and innovative ideas at a greater volume. Diverse teams solve cybersecurity problems faster and more effectively. Supply chain attacks, social engineering, ransomware and advanced persistent threats (APTs) are just a few examples of top concerns cybersecurity professionals face. Building diverse perspectives and backgrounds can better equip a team to solve complex problems, or to quote author and editor Edward Enninful, “Without diversity, creativity remains stagnant.” Embracing individuals from non-traditional talent pools can bring unique ideas to the table. 

Strategies for Building a Diverse Workforce

Successfully implementing a DEI program requires change, discomfort and commitment. While lasting results can take time to effectively measure, progress can still be made. Implementing cultural sensitivity training, documenting clear advancement practices, championing equitable pay structures and hiring diverse leaders are all key strategies for immediate change. Getting real-time feedback through continued conversations on gaps and needs provides tangible, unique goals the business can strive to incorporate. Making genuine connections can boost employee value and satisfaction, which can help reduce turnover and increase the quality of the workforce.

The importance of diversity in cybersecurity cannot be overstated. A diverse and inclusive workforce is essential to developing effective solutions, addressing the needs and challenges of different groups, improving retention rates and job satisfaction, addressing the cybersecurity skills gap, and fulfilling the moral imperative of protecting all individuals. A company’s commitment to DEI will yield immediate and long-term results.

About the author: Brianna Groves is a Security Engineer with over 5 years of experience at CyberGRX. Brianna is dedicated to protecting company and client data from cyber threats with a focus on preventing data breaches and monitoring for malicious activity. Brianna utilizes her technical skills and knowledge to ensure the security of her business ecosystem, and her passion for offensive security drives her to constantly seek out new vulnerabilities and exploit techniques, allowing her to stay ahead of potential threats and effectively mitigate risk. Brianna is a self-taught professional, holding two cybersecurity certifications, Security+ and Certified Ethical Hacker (CEH). Brianna’s passion for staying ahead of the latest security trends and techniques allows her to effectively mitigate risk and maintain the highest level of security for her organization, making her a valuable asset to the CyberGRX team.
