[BreachExchange] Why Cybersecurity Depends on Diversity & Inclusion

Tue Dec 14 09:53:20 EST 2021

https://www.channelfutures.com/from-the-industry/why-cybersecurity-depends-on-diversity-inclusion

Diversity & inclusion helps to ensure a rich pool of talent with a unique
approach to solving cybersecurity problems.
It’s as serendipitous as it seems designed that there are two important
worldwide recognitions in the same month: Global Diversity and
Cybersecurity Awareness, both of which are recognized in October. The
intersection of diversity & inclusion and cybersecurity is a powerful
reminder that diversity fuels innovation. The more varied the experiences
and thinking of its people, the better the outcomes.

We know instinctively that diversity and inclusion (D&I) matters. It offers
advantageous returns by boosting innovation, creating a happier employee
culture and offering financial rewards. Diverse companies are more likely
to have higher profitability. Likewise, gender-diverse organizations are
45% more likely to improve market share and achieve 53% higher returns.
Among ethnically and racially diverse cybersecurity professionals who also
identify as “people of color,” optimism is strong and job satisfaction is
high, despite the unique obstacles they face.

Most executives will say that there’s no greater asset than a diverse
workforce, especially when it reflects their customers. Cybersecurity draws
from a diverse set of people from different fields, industries, geographies
and ethnicities. As I look at the security business, it’s clear our team
comes from all walks of life and corners of the globe. It’s our diversity
that keeps us connected to our customers’ needs

While there has been progress, a lack of diversity industry-wide persists.
And it’s not good for anyone. There are people who eagerly want to join the
cybersecurity industry but have not found their way in–those with relevant
education and experience but whose talents are undervalued. And the
industry at large can be a change agent. The cybersecurity industry depends
on diverse talent and their unique approach to problems.

Multifarity among Malicious Thinkers

Cybercriminals are our biggest competition. They are organized, motivated,
sophisticated, shrewd, well-funded and resourceful. They have an extensive
array of skills. And while they may have a one-track mind, attackers are
often part of a complex and diverse web of accomplished hackers. Lone
rangers they are not. In fact, in an assessment of last year’s SolarWinds
attack, at least 1000 engineers were involved in creating the attack.
That’s a lot of aligned malicious minds.

Our best chance in defending against cyberterrorists depends on how well we
understand their psychology and behaviors. Attackers come from all
backgrounds and work in a borderless environment. So, it behooves our team
to be as diverse to drive creative thinking and innovation and combat their
hostile efforts. A cybersecurity team embodying individuals with varying
experiences offers a fresh outlook and perspective. And our collective
differences make us smarter, by fusing our cumulative knowledge when
tackling security challenges.

The diversity of our team better positions us to think like the attackers.
It can improve how we consider how attackers look at their opportunity, and
how we contemplate their various assumptions. It can give us a clearer
ability to envision approaches attackers are utilizing, while also
predicting their behavior patterns. Diversity is powerful in how it helps
us develop solutions to adequately defend against attacks.

Value in the (Un)like-Minded

Part of a diverse team’s composition is their educational and experiential
paths into cybersecurity. Not all cybersecurity professionals’ routes into
the field are the same. Some take a road less traveled. In fact, 30% of all
cybersecurity roles are filled by people with non-technical backgrounds.
And there’s a cybersecurity workforce gap of 3.5 million global IT jobs
unfilled, meaning the workforce needs to grow by 145% to help close that
gap. That’s a lot of non-technical jobs.

Embracing talent beyond traditional cybersecurity-related experiences and
education helps diversify the talent pool. It mixes things up and brings
together unlike-minded cyber-sages who can add immense value. Loosening the
antiquated criteria and requirements will allow teams to identify quality
team members—included those who otherwise would be overlooked.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211214/bd17b3ae/attachment.html>