Igniting Passion for Diversity, Equity and Inclusion (DEI): Cybersecurity Professionals Address Challenges and Offer Tangible Advice for Weaving Inclusion into Our Industry
Clar Rosso, (ISC)² CEO, recently joined a roundtable of experts in an (ISC)² Think Tank webinar to highlight why it’s so important for the cybersecurity industry to focus on Diversity, Equity and Inclusion (DEI), and to offer tangible and practical tips for addressing the common challenges and tensions that arise on the inclusion journey. The June 23 panel discussed why these initiatives often fail and how to push through the barriers that keep them from achieving lasting transformation. Rosso was joined by Dr. Kevin Charest, Executive Vice President and CTO at HITRUST, and Samara Moore, AWS Security Assurance Senior Manager and Global Energy Specialist. Both have held (ISC)² Board of Directors positions.
DEI’s Role in Filling the Skills Gap
The current cybersecurity workforce gap estimate stands at more than 3.1 million trained professionals worldwide, and while the number of professionals in the industry grew by more than 700,000 last year, there is still a “staggering need,” according to the panel, for more. This requires looking in non-traditional areas for qualified candidates as well as ensuring that the barriers to entry in the profession are tackled.
“The cybersecurity skills shortage is having significant economic and societal impact. When there’s a major event, we are all connected,” said Charest. “Diversity of thought comes from a wide range of experiences from education, skills and background. It isn’t only about race and gender and is so important when you are trying to fight against ever-evolving bad actors and continuously come up with responses to an increasing threat landscape. We have to think like the adversary. Right now, are we really equipping the workplace with diversity of thought?”
Moore agreed that the cybersecurity profession is both in great demand and of great importance, and that making it open and accessible would help more people get in.
Rosso then outlined (ISC)²’s current DEI resources and the role organizations like it play in addressing equity. While the strategy is not complete, the organization put together a task force and engaged with multiple organizations focused on DEI. After doing qualitative research and a listening tour around how to fill the skills gap, a number of themes came up including: gender diversity; racial, ethnic and cultural diversity; and education, skills and experience diversity.
“As a professional organization, we have an opportunity and an obligation to do something about DEI,” she said. “We have access to people from all over the world. We can understand what diversity means no matter where they are, it’s going to mean something different. That allows us to look at it, digest it and think about how to address it. In terms of obligation, when we see a workforce gap that is in the millions and is impacting the safety of individuals, organizations and governments, we can’t just shine the light, but have to actually do something about it. That’s what leadership in the space is all about.”
Diversity and Inclusion is Bigger than Race and Gender
One of the panel’s highlights was the discussion around what diversity and inclusion really mean, and how people have different definitions. Asked about a vision for DEI in the industry, Moore said she wanted DEI to be baked into all activities and initiatives, as opposed to sitting in a separate silo.
“I want the industry to be one where people of different backgrounds can see themselves succeed and advance. Where they feel empowered to be their true authentic selves, and they can add value to the profession,” she said. “This can be accomplished in some tangible ways like having content and resources about the industry available in multiple languages and different ways of accessibility.”
Charest agreed that the industry should be one where everyone has an opportunity and a platform to learn, grow and perform within the profession.
“There’s a place for everybody in this profession,” added Rosso. “Sometimes, though, you have to see it to be it. If people don’t see people like them, they tend to think [the profession] isn’t a place for them.”
She then discussed data from (ISC)²’s Cybersecurity Career Pursuers Study, which showed that the industry is now looking for more diverse career and educational backgrounds during recruitment, and that the importance of non-technical skills like the ability to solve problems, analytical thinking and the ability to work independently (and on teams) is increasing, which ties back to Charest’s “diversity of thought.”
Charest raised the idea of working with vocational and technical trade schools on potential cybersecurity practicums. When an audience member pointed out that it might be problematic when many entry-level cyber jobs require three to five years of experience, Charest said, “If you did four years of a cyber program in a vocational setting, you would have that experience. Where it makes sense, wouldn’t it be a good idea to develop these programs for a field that desperately needs them?”
Rosso stressed the importance of working with HR and recruiters to clearly articulate the skills needed for cybersecurity jobs so that job descriptions clearly reflect the diversity of thought and backgrounds, as well as non-technical skillsets organizations are seeking.
“DEI isn’t about a quota. Let’s open the field and opportunity to all and give everyone their opportunity to find their place in it,” said Charest. “What I love about the field is that there are so many different things you can do once you’re in it. There’s already some diversity built in.”
Why Is This So Complicated?
With the onset of social justice movements and awareness of racial and gender inequality around the globe, many organizations and leaders are recognizing the need to dig deeper and lead the charge for their stakeholders and communities for lasting transformation. But something seemingly so simple, like DEI, can often be complicated and difficult to achieve.
When asked for thoughts on how to lead an organization or a professional body toward lasting change, Rosso said, “When we looked at DEI for our profession, we knew we also had to look at it for (ISC)² staff. We have to do the hard work and experience it ourselves. DEI cannot be a check the box effort. You have to be very intentional and specific about the variables you want to measure against (recruitment, retention, advancement, pay equity) and set benchmarks as part of the path to change.”
All of the panelists agreed that talking about DEI makes people uncomfortable and that organizations have to be willing to have a lot of conversations and hear and listen to a lot of people. All also stressed that transformative change takes time, and that transparency on both good and bad progress is key to breaking through.
Rosso stated, “This is not about having the answers. It is about getting it right over time.”
“Conversations and initiatives are great but having them as an ongoing program to support individuals is key as well,” said Moore. “The importance and value of tone at the top and follow through is also helpful. Showing sustainable progress, for example, a shared roadmap of activities that will be done, movement, and an openness to share lessons learned also help. There’s also just living the values and letting people see diversity and inclusion in executive roles. Without seeing people in leadership positions, you may not believe there is a future for you.”
“There is sometimes a perception that you have to disadvantage a certain group to achieve an advantage for another,” added Charest. “That is not what we are saying. We mean everybody. We want to expand our profession and give opportunities to those that want it.”
“You have to give people a place to be heard,” said Moore. “But if you don’t hear from a group, it doesn’t mean they don’t have an opinion. Seek them out. This shows your commitment to the long game.”
A listener asked the panel an additional question about the role of unconscious bias in setting DEI initiatives and if there were ways to remove it. The panelists all agreed that awareness of unconscious bias provides a great catalyst for discussion on DEI, and that training and educating with specific tools to combat it is useful for any initiative.
Sustaining Passion and Excitement
The panelists also provided tips on how to keep the excitement and focus around DEI going after the initial buzz of big impact initiatives wears off. All agreed that setting smart objectives, instituting KPIs, and showing progress and results were imperative. They also recommended prioritizing areas that had the most risk if left unchecked.
“Pick a few areas to focus on, and then drive results and outcomes,” said Charest. “When people see that it’s not just an idea and has practical impact, it opens the field up and drives excitement. We have to go behind the committee and task force getting excited about DEI to the profession getting excited about it and thinking about what it means within their own companies and own sphere of influence.”
“We can engage with young professionals. Many of us have children or family members, and seeing them exposed early to technology and cybersecurity keeps passion going,” added Moore. “Accessibility and awareness shows the art of the possible. From an educational perspective, I would recommend including security in the core content that kids learn.”
“Try to build DEI into how you operate. This moves it from a standalone program to an integrated one,” added Rosso. “Look at your hiring practices, seek diverse candidates from a different set of watering holes and set metrics and report on progress. Seeing progress always generates excitement and ideas.”
Coming Soon
Rosso ended by directing listeners to the (ISC)² DEI Resource Center for additional information as components of the organization’s DEI strategy come together. The organization is also in the process of understanding what content it needs to create, as well as taking baseline measurements on the diversity of speakers in its training sessions and videos.
We want to know, how is your organization approaching diversity, equity and inclusion?