Improving security with diversity beyond the checkbox

If you’re a security practitioner, you may be all-too-familiar with the dangers of practicing “checkbox security.” By blindly following rules and directives without appreciating why they’re important, you may make short-term gains while ultimately dooming your long-term goals. That being the case, you may intuitively understand why “checkbox diversity” measures are doomed to fail.

Fairness and effectiveness

Much as the purpose of securing a network is not simply to play by arbitrary rules, including a wider variety of people in security positions is not just about trying to hire an assortment of people that represents the population at large. In other words, security and diversity are not just about being compliant and fair. They are also about helping business get the widest possible range of perspectives, to help them take considered steps instead of leaping blindly without adequate information.

Taking the time to identify cost-effective measures that will protect your digital assets can help you identify potential problems earlier on, when they can be fixed at a lower cost in terms of both money and public goodwill. Likewise, ensuring that you’re finding – and retaining – people with a wider variety of life and work experiences will help ensure that you have the opportunity to learn from people with a broad range of perspectives from the outset, rather than after unforeseen missteps cause serious public relations problems.

The good news is that the ways to improve this situation are not only beneficial for people in underrepresented demographics. By seeking new sources of qualified applicants and increasing psychological safety for employees, you can potentially decrease the time it takes to fill positions, and improve both retention and effectiveness of the people already in your employ.

Moving towards the future

To ensure an increasing supply of high-quality applicants to keep the pipeline flowing; we need to get kids excited at the idea of pursuing cybersecurity careers, we must identify people who could use mentorship and training to excel in this industry, and it’s imperative to include a wider variety of people in our recruitment practices.

Here are a few ways that you can help:

Volunteer

There are a lot of national tech education groups such as TEALS, Girls Who Code, Women’s Society of Cyberjutsu and CoderDojo as well as local STEM events, hackathons and boot camps that are in need of expert support.

Scholarships

The cost of formal education is growing at a rapid pace, which may keep interested people from getting training and credentials that are helpful in getting a job in this industry. There are a lot of scholarships out there that have been set up to encourage people to pursue an education in security. The Women in Cyber Security (WiCYS) website maintains lists of resources for students seeking scholarships and internships. The third annual ESET Women in Cybersecurity scholarship is open for submissions through April 1, 2018.

Reaching underrepresented groups

There are a growing number of groups that are focused on the inclusion of a wider variety of people in cybersecurity and technology careers. National groups like Code2040 and Black Girls Code are helping to cultivate the next generation of developers. You may also be able to find local groups in your area, especially through sites like MeetUp.

Improving psychological safety

Even if you’ve not yet started efforts to improve diversity and inclusion within your organization, you can start looking at your company’s culture to see where you can improve conditions for psychological safety. Your employees are the eyes and ears of your organization; if they don’t feel comfortable speaking up about what they’re seeing and hearing, or discussing creative or unusual ideas, you are not getting their full value. This is especially true of people who may feel they are outside the majority of your company’s demographic.

Help your employees find support

Do you help pair your employees with peers, mentors and (especially) sponsorship within your organization? Ensuring that people have someone to call on for support and advocacy can have dramatic effects on people’s job satisfaction. As competition for cybersecurity talent can be especially stiff, investing in your existing employees is especially important.

The success of a company relies on that of its employees. By setting individual employees up for success, you’re also setting your business up for success. Populating your company with people who have different backgrounds and life experiences gives them a chance to learn from each other, and to be more effective in their jobs and careers.