Skip to main content
Microsoft Security

How to solve the diversity problem in security

 

I was in the midst of composing this blog on diversity in cybersecurity when a Fortune article on Women in Cybersecurity found its way to my LinkedIn feed. It was promoted to me by a man I know and respect. As I reflected on the content of this piece in the context of my post, a key detail leapt out at me. It was a male member of the cybersecurity industry advocating for women in this instance. So, what does it all mean?

I have enjoyed a technology career to date spanning 30 years. I have been fortunate to encounter amazing mentors along the way, female and male, many of whom I met very early in my career. My professional experiences, good and bad, successes and failures, have shaped who I am today. Through those experiences, I have become convinced we need more diversity in cybersecurity. Whilst there are no easy answers to solving this problem, understanding some of the root causes will help inform our decisions.

We need to hire and mentor more women and diverse talent in security not only because it is the right thing to do, but also because gaining the advantage in fighting cybercrime depends on it. If we do not diversify the cyber talent pool:

I firmly believe most bias is unconscious. Certainly, conscious bias exists, but in my view the majority are doing the best they can with the background and experiences that have shaped their lives. We tend to mentor and hire people we know and trust. If our professional sphere is limited to a certain segment of the population, then the hiring pool simply replicates the makeup of our network.

The cybersecurity industry has historically been predominantly male for a few reasons:

Given the serious implications the lack of diversity has for cybersecurity, how do we attract, recruit, mentor and retain a broader more inclusive workforce? The answer lies with a programmatic approach where we continuously measure effectiveness and adapt accordingly. The below steps, while not easy, and certainly not exhaustive, are imperative and urgent. The bad actors are well-funded and organized – innovating their methods, and growing their numbers – certain to become a permanent fixture of our digital future. Our ability to remain a step ahead is dependent on evolving our tools and talent through the following:

We will only solve the diversity problem as an industry. The industry’s conferences are all tackling diversity through meaningful dialogue which will hopefully lead to further investments. It is time for everyone to embrace a cybersecurity future where all who feel they can make a positive impact are welcomed, and our ability to recruit and retain these persons is free of the caveats and excuses of the past.