Technical ability is only a starting point in developing useful, secure and powerful technology. If we take steps to better understand and represent a wider user base, we can get significantly improved financial results. Credit: Thinkstock I’m sure we’ve all had the experience of trying to navigate some piece of software that is quite technically powerful, but so inscrutable as to be almost useless. Sometimes that software could be a widget that was built in-house and never meant to see wider distribution, and sometimes it’s a widely used application that’s sold for big bucks. One thing they all have in common is a lack of understanding or empathy for how people actually use this technology.The stereotype of an engineer, especially a software engineer or a security practitioner, is someone who is technically-minded. But that really isn’t the only trait, or even necessarily the most important one, needed to do the job well.Technical skill is only a starting point; the best technology in the world will still end up on the ash heap of history if no one uses it, or if it creates more problems than it solves. For software applications or security procedures to be successful, they need not only to address a demand, but also to do it in a way that is comfortable for people to use. Arguably, it is even more important to secure the human than just the data or devices.Most (if not all) of us have been guilty of feeling that people “should” behave certain ways, in order to use software properly or to keep oneself safe online. But our theoretical mandates are irrelevant if real-life particulars dictate that people operate differently. We probably all have our own personal pet peeves regarding vendors who misread how people actually use (or misuse!) technology. An inability to put oneself in another person’s metaphorical shoes leads to glitches in security, privacy, accessibility, localization, usability, and even the legality of technology. It’s not difficult to see how disasters in any one of these areas could cost everyone from users to manufacturers a lot in terms of lost productivity, sales, brand reputation or regulatory fines.To some extent, failing to predict other people’s experiences completely is inevitable. If you’ve ever worked for a technical support organization or in a quality assurance department, you know that the variations in users’ software and hardware configurations can be truly mind-boggling. Likewise, our own personal life experiences will necessarily have a seemingly infinite number of variations. Even two people who share the same DNA can have significant differences. Rather than treating this as an unsolvable problem, we should view this as an infinite opportunity. Even viewing this from a strictly financial perspective, the more varied the life experiences of a company’s employees are, the more the organization stands to gain.Companies in the top quartile for racial and ethnic diversity are 35% more likely to have financial returns above national industry medians. Companies in the top quartile for gender diversity are 15% more likely to have financial returns above their national industry peers. Teams with members whose sexual orientation matches the target consumers’ are much more likely to understand that market.It should be intuitively obvious to those of us preaching the difference between “checkbox compliance” and true security improvements that these financial benefits are only available when companies are truly trying to include a wide variety of people rather than just collecting employees who match a checklist of traits. Such lists are never comprehensive; if companies perform a thorough examination of what their current assets are and what types of skills or experiences they could benefit from by incorporating, they are more likely to identify opportunities and vulnerabilities. Having a neutral third party assist in these examinations can also help detect blind spots.The following list is not intended to be complete, but it may give you a starting point for factors to consider:AgeRaceEthnicity or ancestryNational originGender identitySexual orientationSocio-economic backgroundEducational backgroundReligious affiliationMarital or domestic partner statusFamily statusVeteran statusDisability statusNeurodiversityPersonality typesThinking stylesCommunication stylesTo include a wider variety of people in your organization, you may need to address things that are limiting your ability to hire inclusively, or which may be causing high levels of attrition. Changes may be simple, or they may require cultural shifts such as moving from a more competitive environment to a more “just culture”. Project Include is a phenomenal resource for those looking to learn more about diversity and inclusion.The technology industry has gotten to where it is by disrupting “business as usual”. For growth to continue, we need to disrupt our own “business as usual” habits. Failing to do so will ensure that we continue to have friction around hiring and employee retention, plus the security, usability and adoption of products. But if we succeed, we can create a rising tide to lift all boats. Related content opinion Of mice and malware Some of the most important training I got for a career in computer security research was not from a computer-related class, but in a biology class. While these two disciplines may seem entirely unrelated, the skills that are needed in both cases can By Lysa Myers Jul 03, 2019 6 mins Malware IT Skills Staff Management opinion Have we doubled the number of women in infosec? According to a recent (ISC)2 report, women now comprise 20% of cybersecurity workers. But without defining what jobs are being included, it’s unclear whether we’re truly making progress. By Lysa Myers Feb 11, 2019 5 mins Technology Industry IT Skills Staff Management opinion Has the word ‘breach’ has outlived its usefulness? When someone says a data breach has happened, it’s generally understood to mean that attackers have broken into a company and stolen sensitive information. But after a growing number of high-profile privacy gaffes, the definition of “brea By Lysa Myers Nov 28, 2018 5 mins Data Breach Technology Industry Data Privacy opinion Stop training your employees to fall for phishing attacks Training your employees how to recognize and avoid phishing only works if trusted emails don’t look the same as criminals'. By Lysa Myers Jul 10, 2018 4 mins Phishing Social Engineering Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe