How DEI creates a more Resilient Cyber Security Team
Diverse teams solve cybersecurity problems faster and more effectively, and help you think like the attackers you are fighting every day. Cyber attacks are growing and evolving. A DEI program can help cybersecurity organizations:
Fill the cybersecurity skills gap (715,000 open jobs in the U.S., 3.5mm globally)
Better understand the mindset of diverse, unconventional cybercriminal teams
Improve incident response and incident communications both internally and externally
Prevent the user errors that cause 90% of breaches
To benefit from DEI, cybersecurity teams must build programs around three pillars:
To begin their DEI journey, cybersecurity leaders must ask themselves a series of questions to identify where they currently lack diversity, including:
Do we currently have any DEI-focused policies in place?
Do we fill positions before we have a diverse slate of candidates?
Does everyone on our team have the chance to share their perspective?
Organizations cannot fill their DEI gaps on their own. They need to find the right DEI-focused partner to help drive their program. Intercasthas made diversity a core value and can provide diverse job candidates to help drive DEI program.
The Need for a New Approach to Cyber Security
Cyber and IT risk is growing – and security teams are struggling to keep up.
Cybercriminals release new, creative attack variants every day.
Attack attempts increased 50% year-over-year in 2021 alone.
Despite heavy security investments, 93% of networks can still be penetrated.
These are large and growing problems, and there is no “silver bullet” solution to them. However, recent research and though leadership has concluded that Diversity, Equity, and inclusion (DEI) programs can bring tangible, far-reaching benefits to the speed and effectiveness of cybersecurity teams and incident response.
In this white paper, we’ll explore:
The tangible benefits that DEI programs bring to cybersecurity
How organizations can weave DEI into their cybersecurity teams
Where to start your organization’s own unique DEI journey
How DEI Programs Help Solve Many Cybersecurity Problems
How Organizations can Bring DEI to Cybersecurity
DEI is a large, complex topic that mean a lot of things to a lot of people. Yet at its core, DEI focuses on driving one simple outcome – delivering more equal representation for all people, regardless of their gender, ethnicity or other demographic details. While there is no single cookie-cutter way to drive this outcome, there are three fundamental areas that every DEI program must focus on creating:
Let’s look at each in greater depth.
Area 1: Adopting a DEI Mindset:
The first area is subtle, but important. Before you can bring DEI to your cybersecurity group, you must develop a mindset that naturally creates, supports and grows a more diverse and inclusive cybersecurity function. there are two prongs to this.
Identifying and eliminating unconscious bias. As PWC notes, organizations must learn to recognize how “intersectionality, unconscious bias, privilege and micro-inequities can potentially impact individual experiences”.
Put in plain terms, you must develop awareness to the small, hidden biases you might hold – like your perspective on what a “good cybersecurity employee” looks like – and then disarm them in your workforce development and management practices. Some of this work can be done individually, but most people require some type of formal training to see and resolve their biases.
Developing a more inclusive perspective. DEI is more than just eliminating problems. It’s also about cultivating more curiosity, empathy and a greater desire to create a more diverse and inclusive cybersecurity group. By cultivating this desire, you will naturally and spontaneously bring DEI principles to life without always having to do so through a formal, intentional plan.
Area 2: Creating DEI Policies for Hiring and Promotion:
The Second are is tangible and concrete. To bring DEI to your cybersecurity group, you must hire more diverse candidates, and advance more of your diverse candidates into leadership positions. This is the bread-and-butter of any successful DEI program. To drive it, you likely have to redesign some of your policies around the following:
Rethink your hiring criteria. Reconsider the potential biases within existing hiring criteria such as certifications, background checks, and academic history.
Refocus on the fundamental. Shift your hiring criteria around fundamental cybersecurity skills and capabilities that effective cybersecurity pros often have.
Require a diverse candidate pool. Withhold hiring decisions until a diverse range of candidates have applied and are part of the evaluation process.
Promote diverse team members. Prioritize retaining, developing and advancing diverse cybersecurity team members into leadership roles.
Area 3 : Building a DEI-Focused Work Environment:
Finally, you must ensure that DEI principles are embedded in the everyday working life for you and your cybersecurity team members. To do so, you must look at your work environment, and – if required – make policy changes to ensure:
Everyone has a voice: Don’t wait for people to speak up. Proactively create opportunities for diverse voices to share their perspectives and experiences, and to be part of the group’s ongoing communications and dialogue.
Everyone can do their best work. Create an environment that is welcoming, productive, and accommodating to a diverse range of team members. (For example, remote work can help neurodivergent people who might struggle within a standard in-person office environment).
You Don’t Need to Build DEI Alone – Tools and Partnerships
Many organizations are making DEI a priority and working together to build a more inclusive future workforce. Partners – such as recruiting and staffing firms – that value DEI can offer a shortcut towards filling your organization with a diverse group of professionals.
But event tools like LinkedIn have begun to prioritize DEI and offer new features to combat bias and imbalance. Currently, LinkedIn Talent Solutions lets you:
See gender imbalance in Recruiter searches through Diversity Nudges.
Actively hide candidate names and photos in Recruiter searches.
Find internal candidate that fit a diverse profile faster and easier using Spotlight tags.
Access free online courses on recruiting and promoting equitably.
Highlight company commitments to show what you stand for, and attract like minded candidates.
These are small, simple tactics that anyone can use to quickly and easily begin to bring DEI to life in their own company – and new tools, features, and partners pop up everyday to help you create a more equitable workforce.
Most Important – Just Get Started
It’s easy to feel overwhelmed by the range of new policies you must create, or to drown in the details of how to design and deploy those policies.
To help you get past these bottlenecks, we have a simple piece of advice – just get started, identify a couple of key areas where you can improve DEI within your cybersecurity group and design a simple program to help address them. The following self-Assessment can help you identify where you have greatest opportunity to improve your DEI program.