When it comes to diversity, it’s easy to get caught up in the numbers. But the fact of the matter is that even in an industry as technological as cybersecurity, it’s simply not a numbers game.
Cybersecurity is an incredibly human industry. Human error is one of the leading causes of cyberattacks, and ensuring that cybersecurity workers are diverse in backgrounds and identities will give cybersecurity firms the best chance at protection and recovery. It’s simply not enough to just reach some arbitrary percentage of a certain type of people, it’s about thinking holistically about the needs of the cybersecurity industry and the needs of the world.
The world is a big place, and it’s going to take all sorts of people to protect it.
Gender Equality in Cybersecurity
According to Forbes, women make up only 20% of the cybersecurity workforce as of 2018. Surprisingly, this is actually a huge improvement from 11% in 2013. While improvements are great, given the increasing need for new cybersecurity workers, there’s still a huge opportunity for improving gender diversity.
Part of this recent increase may be due to the increasing efforts to get young girls interested in STEM overall, but no matter what you’re age it’s never a bad time to enter the cybersecurity workforce. Furthermore, it benefits both individuals and businesses to have more women protecting us against the ongoing wave of cybercrime.
“The argument in favor of greater gender equality in cybersecurity is really not one of right vs. wrong or men vs. women. Rather, it’s that having more women in the workplace is good for business. Diversity in perspectives, leadership, and experience is good for business,” reports Priscilla Moriuchi, Director of Strategic Threat Development at Recorded Future. We cannot think about diversity like we’re just hitting some representational benchmarks, because humanity doesn’t work that way and neither does cybersecurity.
Racial Representation in Cybersecurity
Gender is just one aspect of the overall diversity gap in the cybersecurity industry, but race and ethnic diversity is another huge concern as we move towards creating a stronger and more diverse cybersecurity workforce.
In general, racially diverse teams perform 35% better than their competitors, and while that’s a helpful statistic it’s also important to remember that diversity alone is not enough. It’s also important to take note of where in the leadership chain those ethnic and racial minorities are employed. According to Helen Patton of Ohio State University, “26% of the 2017 US cybersecurity workforce were ethnic/racial minorities. That’s roughly in line with the US population but disproportionate when considering non-management positions.”
As discussed, diversity is more than a numbers game. It’s something that needs to be woven into not just our workforce but also managerial tracks and the security systems overall. Although there is no immediate solution to getting more racial and ethnic minorities in leadership positions in cybersecurity, there is no doubt that doing so would improve the state of the industry today. InfoSec Institute reports that “Cybersecurity, perhaps more so than other areas of technology, is one requiring a multidisciplinary approach to a problem. The area of cybersecurity is one where problem-solving skills and a holistic view of a challenge is key to resolving an issue. Having a team made up of diverse individuals can only work to improve the outcome of that team.”
Why Diversity in Cybersecurity Really Matters
All technology is derived from human innovation, which means that it reflects the people who made it. The same goes for cybersecurity systems and cyberattacks. Even algorithms can reflect the personal bias of those who made them!
According to Ann Johnson of Cybercrime Magazine, “That is why at the core of it all, our security teams need to be as diverse as the problems we are trying to solve – because diversity is how we get the best security.”
It’s not enough to just reach a certain percentage of a certain type of people, what really matters is thinking holistically about the needs of the cybersecurity industry and staffing appropriately. With over 3.5 million jobs currently available in cybersecurity, a massive skills shortage, and the current lack of diversity, it’s more important than ever that the cybersecurity workers who protect the world are as diverse as the people they’re protecting.
Thankfully, with such a low barrier of entry, it’s easier than ever to jumpstart your career in cybersecurity no matter who you are, what your background is, or how you identify! When it comes to cybersecurity heroes, it truly takes all kinds.