Diversity is defined as being the broad range of human differences, including but not limited to race, ethnicity, gender, age, sexual orientation, ability, and socio-economic status. Despite the benefits diversity can bring, many organisations have been slow to embrace it and to embrace the benefits that a diverse workforce can bring them. The cybersecurity profession in the UK faces specific issues in respect of increasing the pool of cybersecurity talent. These include supporting more neurodiverse candidates into the profession, increasing the number of women in the profession, and facilitating non-traditional routes into the profession.
The benefits of diverse teams in security:
Organisations should have a wide range of skills across their security teams, which is best achieved by increased diversity, and some important ways diversity benefits a team include:
1. Greater representation:
Representation in cybersecurity is essential, especially for teams to match the diversity of those who carry out cyber-attacks and to represent the groups they are protecting. If there is a lack of diversity this can lead to gaps in cybersecurity training due to assumptions in end-user knowledge. If you have a range of ages in teams, this results in a variety of valuable skill sets and perspectives, for example, cybersecurity professionals with long-term experience will have much more experience with malware, whereas those who are younger will be more versed in modern threats.
2.Variety of perspectives:
If you have people on your team from diverse backgrounds this will bring a variety of viewpoints, which means teams are more likely to get past obstacles and efficiently resolve issues by approaching them from different angles and viewpoints. Different questions may also be asked, and this level of diversity means teams are likely to have more options available to them and find better solutions.
3. Greater problem solving:
A diverse team will often provide more than just a range of different perspectives. When you are surrounded by peers who are more diverse, the members in the majority group may start to question their own assumptions, in turn helping them to improve their problem-solving capabilities. Visual diversity in teams often helps those involved to handle conflict in a more constructive way and in anticipation of potential conflicts are more likely to undertake more due diligence and research before presenting ideas, leading them to discover more problems on their own.
How to increase diversity
Increasing diversity can bring great benefits to organisations, but it does mean changing perceptions and examining any biases you might have. Some of the ways you can increase diversity in your organisation include:
1. Focus on staff retention as much as staff recruitment:
Studies show that up to 52% of women leave security careers, as do those with non-traditional backgrounds, and this is nearly double the percentage of men who leave cybersecurity careers. Some say this is because women don’t enjoy their careers in security, but 80%+ of women in the industry say that they love their work. This implies that many from diverse backgrounds leave the industry due to culture.
2. Keep your conscious and unconscious biases in check:
Too often, we have a mental picture of what a security person is supposed to look like which does not reflect reality. Appearances can be very deceptive, so acknowledge that your biases may not be explicit or intentional and learn to recognise that they do exist. Listen to what people say, evaluate the work they produce and observe how they collaborate with others – these are all indicators of the value they bring to the organisation.
3. Nurture those who think uniquely:
Building a culture of inclusion where everyone has a chance to share their ideas can help hugely when it comes to improving diversity within security organisations. Not every idea will be a great one, but all ideas and opinions should be shared and listened to.
4. Increase your talent pool through flexible working:
Supporting flexible working hours, a flexible working location, job sharing or three weeks on/one week off enables people to set their own hours and location where they feel at their most productive, while still delivering on deadlines and projects. Trust that people can be productive even if they don’t work in the same way or at the same time as others.
Final thoughts
To build a strong and diverse security team, you need to build an environment that supports and accepts differences of all kinds. Do not let bias about gender, the hours someone works, the location that someone works, or their appearance get in the way of nurturing all the great security talent available within organisations. Organisations should focus on creating security teams that mirror the make-up of their wider workforce. Only then do they stand a chance of warding off the growing cyber-threat.
