Challenges associated with diversity, equity and inclusion in cybersecurity teams

(ISC)² published a new research study highlighting the unique challenges diverse cybersecurity professionals worldwide face and provides recommendations to create positive change.

“In Their Own Words: Women and People of Color Detail Experiences Working in Cybersecurity” offers access to the personal experiences of minority cybersecurity practitioners, providing a lens with which to view the concepts of equity and inclusion in today’s workplaces.

The focus group research included diverse professionals from nine countries across the globe and asked how DEI is defined in different regions, why creating DEI programs that work is so difficult, the types of work-related challenges diverse professionals face, and what strategies they believe are successful when building diverse cultures. The study outlines eight recommendations for improving DEI in cybersecurity teams, from implementing cultural sensitivity training to documenting clear advancement practices.

“The most effective way to build awareness of the need for DEI is to help convey the real experiences of diverse professionals to all of their peers. Instead of focusing on statistics and demographics, we listened to the concerns raised, and challenges faced by these individuals and are doing our best to amplify their voices,” said Clar Rosso, CEO, (ISC)². “What we found is that many issues are universal to the experiences of diverse professionals no matter where they live and work. That tells us that the strategies and solutions to improve organizational practices also have a lot in common, including overcoming unconscious bias, providing pathways for advancement, hiring diverse leaders and championing equitable pay structures.”

Following is a small selection of the respondents’ firsthand accounts and advice in the report:

“The diversity of thought is a global crisis. I mean, it needs to be in the cybersecurity workforce, or else nothing’s going to be secure in this world.”
“My organization has made DEI training mandatory and not voluntary like it used to be. They have also hired several women for key leadership positions. I’ve witnessed a change in the past year with more people sharing their ideas and collaborating, rather than everyone trying to protect their territory.”
“I’ve been in meetings where people have used my words. They’ve used my strategies. They have taken my work, and they presented it as their own. They get credit for my talent. It would burn me so bad, but, yet, I didn’t really have anyone to lean on.”
“As the only woman in my team, I always had a hard time finding a mentor I could relate to or who gave honest advice. I often felt lonely and had to learn a lot of things through trial and error.”
“It’s easy to start an initiative when the global temperature on diversity is so high. However, DEI initiatives typically don’t get fast results. They are a slow, tedious process that requires ongoing commitment and dedication from the whole organization, along with designated performance metrics that help to track success and keep stakeholders’ motivation up.”
“In the public sector in the U.S., there has been a lot of focus on getting more women, getting more minorities and getting everyone to share their story. Hiring diverse professionals with less solid skill sets and putting together work teams with an experienced leader helps everyone get to a similar level of skill set. Having diverse teams to promote different ideas and perspectives, not only their cybersecurity-related skills.”
“We see a lot of diverse professionals in entry-level positions. But they don’t stay long enough to advance into higher positions. Exit surveys report they leave because the culture doesn’t support them. They feel lost.”
“We need more Black women and Latinas in cybersecurity, speaking, showcasing their talent, being the trailblazers and paving the path for others knowing that these cybersecurity careers exist and that it’s personal.”
“Cybersecurity today should be a topic as important as fire safety or health education. We need to start building awareness earlier on so children start embracing it from a young age, dreaming about becoming a cybersecurity officer just as they dream of becoming a fireman or a doctor.”

The study was released in conjunction with the InclusionREADY program at this week’s annual (ISC)² Security Congress, taking place virtually from October 18-20. The conference features a DEI-focused keynote presentation and five breakout sessions, including an overview of and panel discussion about the research report on Monday, October 18 at 4:15 p.m. EDT. (ISC)² will also host a virtual DEI booth from which attendees can download the DEI strategic plan for the association and other helpful guides for understanding and implementing their own DEI initiatives. (ISC)² established a Global DEI Task Force earlier this year and launched a DEI Resource Center where it hosts a growing number of informational resources for individuals and organizations who are on a DEI journey.

For more information on DEI resources from (ISC)², please visit: https://www.isc2.org/dei.

Follow the conversation on social media via #InclusionREADY.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.