Blog

#ISC2CONGRESS - Panel: DEI Initiatives Come Down To Choosing Talent

Oct 19, 2021

DEI-Report Picking up on the theme of diversity, equity and inclusion (DEI) that (ISC)² CEO Clar Rosso says is critical to solving the cybersecurity skills gap, a panel discussion on Monday addressed the challenges that get in the way of successful DEI implementations.

Several themes emerged during the late-afternoon panel session, which was part of (ISC)2 Security Congress 2021 , taking place virtually this week:

  • Don’t expect change to occur immediately
  • Diversity, equity and inclusion requires a step-by-step approach
  • Keep talking about the issue so it stays at the forefront
  • Measure success by looking at numbers within the organization

The session, moderated by Tara Wisniewski, executive vice president of Advocacy, Global Markets and Member Engagement at (ISC)², kicked off with a quick summary of “In Their Own Words: Women and People of Color Detail Experiences Working in Cybersecurity ,” a new research report that highlights findings from a series of focus groups commissioned by (ISC)2 on the topic. The focus groups took place in the U.S., Canada, the U.K., Germany, Croatia, Serbia, South Africa, Singapore and Malaysia in May of 2021.  

They revealed that women and men from ethnic and minority groups working in cybersecurity face a number of challenges, said Dwan Jones, and independent diversity consultant working with (ISC)². Focus group participants say they struggle to feel a sense of belonging, not being heard by leadership, and having their ideas stolen for the advancement of others.

Another common challenge, Jones said, is how unconscious bias gets in the way of developing and executing DEI programs within organizations. Unconscious bias, she said, leads to “social stereotypes about certain groups of people” held by those outside those groups. “It’s really something that all of us have.”

These stereotypes affect how decisions are made within organizations and can hinder or enhance progress. “They can be hard to ignore and address, and they show up in the work place in practices ranging from recruiting to retention to merit increases to career progression and really to who gets invited to meetings,” Jones said.

Organizations can overcome these challenges, she said, with practices such as cultural sensitivity training, purposeful inclusion, setting hiring and recruitment targets, and having clear advancement targets for diverse employees.

No Quick Solution

Addressing DEI challenges, said Mary Chaney, CEO of Minorities in Cybersecurity and (ISC)² Global DEI Task Force member, takes dedication and understanding that there is no instant fix. Just like with tools to address cyber threats, she said, the issue can’t be fixed quickly.

Another panelist, Lynn Dohm, executive director of Women in Cybersecurity (WiCyS) and (ISC)2 Global DEI Task Force member, agreed. “There isn’t a quick solution. This is an ingrained part of who and what we are, and this is a journey.”

Often, she said, projects to address DEI start with good intentions but then organizations do not choose the right people with the right mindset for the project. “They have to come from the right place of understanding and what they want to do long-term.”

In answer to a question from Wisniewski about what cybersecurity can learn from other professions regarding DEI, Chaney said it’s important to look at the metrics. If companies are serious about DEI, their staffing numbers should reflect that. If they don’t, the organizations may just be offering lip service.

After George Floyd died at the hands of Minneapolis police officers, a lot of corporations came out to show support, Chaney said. “OK, but what are you doing, though? Quit telling me what you’re going to do and show me how you’re going to accomplish it.”

Too Big to Solve?

Delivering a question from the virtual attendees, Wisniewski asked if the DEI issue is too big to solve.

In answer, Dohm said, “We have to start somewhere. This is critical and diversity of thought is absolutely necessary in the cybersecurity workforce. The adversaries certainly have it. We need all different genders, identities, ethnicities, races, experiences, backgrounds and more – we need all of that and bring it to the table.”

In her organization, Dohm said, the commitment was made to keep talking about it. “And then we’re going to talk and talk and talk about it more. We’re not going to stop talking about transgender rights in the cybersecurity workforce. We are going to continue to talk about what some might perceive as uncomfortable conversations until people get more comfortable with it. And then we’ll talk about it some more.”

In answering the same question, Chaney said hackers don’t care about race, color or gender when attacking systems. “They care about talent. And these challenges that we face from a DEI perspective are really just limiting our ability to actually respond to the challenges we have on the cybersecurity perspective.”

If the cybersecurity profession focuses on talent – just like the adversaries do – it stands a much better chance of winning the battle, she said.

For more information on DEI resources from (ISC)², please visit: https://www.isc2.org/dei