To Improve Diversity In InfoSec Workforce, Widen The Search, Feed Talent Pipeline

RSA Conference 2016: To attract more women and minorities to the cybersecurity workforce, session panelists gave attendees some practical tips and challenged them to do some soul-searching.

SAN FRANCISCO, RSA Conference, Monday Feb. 29 — Overlapping themes arose today in sessions about improving the cybersecurity workforce’s ethnic and gender diversity, at the RSA Conference.

Panelists for “Bridging the Great Minority Cyber Divide–Social and Cultural Dynamics” and “Should I Stay or Should I Go? How to Attract/Retain Women in the Industry” gave some similar advice to attendees on how to improve diversity within their own infosec teams and within the industry at large.

[embedded content]

From a practical standpoint, panelists spoke of the importance of widening the applicant pool from which they search for qualified job applicants and supporting a more robust pipline of young talent, from elementary school, straight through college, without losing them. They also spoke more deeply, about looking inward to recognize one’s own biases and the uncomfortable role of being “the only one in the room,” (as in the only minority person, or the only woman).

“That feeling of being the only one in the room is very real,” said Yonesy Núñez, moderator of the Bridging the Minority Cyber Divide session and membership programs co-chair of the International Consortium of Minority Cybersecurity Professionals.

Núñez asked the panelists whether corporate “inclusion” efforts were effective Panelist Devon Bryan, vice president and Global CISO of ADP LLC said that the business case for diversity has definitely been made, now, and focused on the importance of improving the diversity of the talent pipeline. Yet, panelist Cecily Joseph, vice president of corporate responsibility and chief diversity officer for Symantec, said “In a lot of cases, the business case [for workforce diversity] really hasn’t been made … I would shudder to think where we’d be if those [inclusion] programs didn’t exist.”

One of the troubles Joseph and other panelists throughout the day said they face is that the argument used against diversity initiatives is “but we want the best candidates.”

“Yes, we all want the best candidates,” says Joseph, “but broaden the pool.” She suggests actively recruiting women and people of color, by going to them instead of waiting for them to find you through the same old channels.

Panelist Kevin McKenzie, CISO of Clemson University, also suggested a general rule for meeting more qualified applicants was to move items out of “required skills” into “preferred skills,” on the job description so they wouldn’t be so quickly rejected by the HR vetting process.

Kerry Matre, a member of the women in security panel, and Hewlett Packard Enterprise’s security services team, suggested using some resources from the National Center for Women and Information Technology, like their tips for conducting inclusive searches for job candidates and their “Male Allies and Advocates Toolkit.”  

“Be an advocate,” Matre suggests. “If you see someone say something inappropriate, immediately say [so],” instead of waiting to comment about it later.

Matre said that although she has never left a job because of a gender or diversity issue, there are times she has come home from an industry conference feeling ready to leave cybersecurity because of interactions that happened there. With that in mind, she challenged the audience to practice being an advocate right away. “I guarantee you, you will hear something inappropriate between now and the time you go to sleep tonight.”

Panelist Ping Look, director of security for Optiv, also referenced the inappropriate behavior of men towards her at industry events, particularly early in her career. Other women asked her why she stayed in the cybersecurity industry, enduring that behavior. “I kind of wanted to stay because I was the only woman” Someone has to be first, she said, and if she stayed, she knew other women would come.

When asked about how to retain the women on your team, Gurdeep Kaur, chief security architect at AIG, and panelist on the “Should I Stay or Should I Go” panel recommended, “Don’t treat me differently” for being a woman; just an individual. She also suggests to men having trouble engaging their female coworkers: “Don’t rule her out. It might not be that she doesn’t have things to say, but she doesn’t know how to break into that boy’s club.”

Panel moderator and ISC2 director of business development Elise Yacobellis recommended to the women in the audience, “Be your authentic self,” and not just try to fit into the “boy’s club.”

Matre said that people need to talk more about diversity within their organizations every day, so it becomes a normal conversation, instead of an awkward workshop from time to time. Joseph said diversity needs to be part of the entire business; not just during hiring, but during procurement, philanthropy, and more.

Panelist on the “Should I Stay Or Should I Go Panel” Angela Messer, executive vice-president at Booz Allen Hamilton, said, “We all have our own biases. Take a step back and ask ‘Am I giving people opportunities to grow’ … and if not, why not?”

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad … View Full Bio

More Insights