Rising Together: A Look at Diversity and Inclusion in Cybersecurity

Reflecting on International Women’s Day, I’m grateful to work for an organization that empowers women in the workplace and encourages me to continue to grow. As we know from a wide range of academic research, an open-minded, diverse culture encourages the exchange of differing perspectives, which improves employee experiences, productivity, and the organization’s overall success.
 

Diversity and usable security

Diversity is critical in IT, especially in cybersecurity. Security systems must work for all users, and as these technologies are developed, a variety of perspectives can help deliver the best solution.

Security solutions and protocols are often designed without enough regard for usability. Wendy Nather, Head of Advisory CISOs, Duo Security at Cisco, discussed the concept of democratizing security at RSA Security Conference 2020, using the example of a spoon. In any country, environment, or community, the function of a spoon is obvious, and users know how to use it. Security needs to be just as universal, simple, and easy to use. 

When a single culture designs a security solution, often that solution will work well for the users of that background, but it might not work for other communities, ethnic groups, genders, age groups, economic status, etc. Encouraging diversity in the cybersecurity community will strengthen our overall security posture. Developers can build enterprise security solutions that all users can easily adopt.
 

Recruiting and retaining talent

We are making progress, but we have more opportunities to increase diversity across the industry. We need to recruit from non-traditional sources and provide support and recognition for individuals from different backgrounds and perspectives within an organization’s workforce.

There’s been a lot of effort in diversity training and providing opportunities for under-represented groups in the academic world; we need to ensure this continues in the workforce. Organizations should step outside their comfort zones in their recruitment efforts. While we want to recruit and retain top talent, that talent doesn’t always come from top-tier schools—community colleges and Historically Black Colleges and Universities (HBCUs) offer many smart, motivated candidates who are no stranger to hard work and overcoming challenges. Organizations should be open to candidates with backgrounds that differ from those traditionally targeted—people who represent a diverse range of educational and professional experiences.

Once these individuals are hired, organizations should provide support and networking programs for women and under-represented groups to help ensure equal opportunity for individuals to thrive in the workplace. IT has traditionally been dominated by white males, and still is—culture change takes time, and being a visible minority carries an overhead on top of normal work responsibilities. Organizations with strong support systems are more likely to recruit and retain talented minority contributors.
 

A personal perspective

For any women and under-represented individuals looking to work in information security: you don't have to be perfectly qualified for a role to succeed at it! Focus on your strengths and pursue opportunities based on your talents, not just your background. Don’t be afraid to try something new, and look for employers and managers who will take a chance on you. If you work hard, and you're prepared to make mistakes along the way—and then recover and learn from them—you will find a path where you can succeed and excel. 

Surround yourself with people who will support you in growing these skills—through mentors, local “Women in Cybersecurity” chapters, and networking events. Take advantage of opportunities to find out what they have to offer, what you can learn, and what takeaways will benefit you in the field. And then share that knowledge and those connections with others around you!

I started out in IT as a web developer doing basic HTML and was fortunate enough to work at small companies that allowed me to try things that I had no background in but was interested in learning more about. As a result, I was able to develop new skills—web server sysadmin, Linux server security, network security—and eventually work my way into enterprise security. Today, I have a rich pool of experience to share with our customers, and I continue to learn something new with every engagement.
 

Lift as you rise

There is a real balance in diversity and inclusion. Working together, we can find a way to support each other and rise together. It’s not always easy, but it is well worth the effort.
 

Lisa Lorenzin is the Zscaler Director of Transformation Security