While bringing diversity into the workplace offers a myriad of benefits, it also comes with its fair share of challenges. Fostering an inclusive company culture is especially imperative today, considering many industries are facing a tight labor market and shortages.
One industry struggling to achieve diversity in the field is cybersecurity. Though organizations are working to solve this ongoing issue, some barriers still prevent marginalized groups from breaking into this industry.
Addressing the various barriers that marginalized groups, such as women and people of color, face when entering the cybersecurity workforce may help turn the tide and improve diversity efforts across the board. By first acknowledging the industry’s shortcomings, more work can be done to create an inclusive industry that helps drive businesses forward.
Let’s explore four of the most common barriers preventing the cybersecurity industry from becoming more diverse.
1. A Lack of Formal Cybersecurity Education
(ISC)², a nonprofit organization dedicated to providing training and certifications to cybersecurity professionals, released a 2020 Cybersecurity Perception Study. Some of the findings show that perception of cybersecurity roles is positive, but many people still don’t see themselves as a good fit for cybersecurity.
A total of 2,500 respondents were surveyed, and 77% of the respondents said they never had formal cybersecurity education in their curriculum.
If people lack the education needed to succeed in cybersecurity roles, it’s likely they’ll never even pursue it as a career. More emphasis must be placed on STEM and cybersecurity training in higher education to help mitigate this issue.
2. Cultural Biases and Systemic Racism in Society
While this barrier may seem obvious, it’s worth noting that cultural biases and systemic racism play a major role in the growing disparity of women and people of color in the industry.
Zippia found in its research of 30 million profiles that the most common ethnicity of those in the cybersecurity field is white (72.6%). While there’s no one reason for this, it’s imperative that we acknowledge the biases and systemic racism blacks and Asian folks face in society and how they may be contributing to this gap.
In addition, Harvard Business Review found that the majority of venture capitalists (VCs) contribute to entrepreneurs who share their gender or race. Only 8% of VC investors are women, and less than 1% of VCs are black, which means startups end up lacking the funding to achieve success in cybersecurity.
Because biases and racism can negatively impact hiring outcomes, it will require more than just education and awareness. It’s challenging to name just one solution to this barrier.
3. Less Diverse Interview Panels
Zaira Pirzada, the principal advisor at Gartner, believes that less diverse interview panels contribute to the lack of diversity in the cybersecurity sector.
Leadership executives who work on recruiting cybersecurity professionals can inflict change on the industry as a whole. While hiring more diverse applicants may not solve the problem entirely, interviewers must be as diverse as possible.
Some companies are already committing to hire more women and people of diverse ethnic backgrounds to bridge the gap on these panels. For example, cybersecurity professional Tatyana Bolton created the Making Space pledge, which more than 50 organizations have taken to recognize the need for more representation in their cybersecurity hiring practices. More initiatives such as these will be necessary to ensure a variety of voices are heard at panels and events.
Also, rather than focusing on just cybersecurity certifications or degrees, interviewers should focus on a candidate’s broad spectrum of skills and competencies. This will improve the hiring process, thus increasing the level of diversity within a cybersecurity company.
4. Need for Diversity Training
Community organizations, such as Blacks in Cybersecurity (BIC) or Women in Cybersecurity (WiCys), work tirelessly to provide a pipeline for these marginalized groups so they can work in the cybersecurity field. However, there’s a clear need for more diversity training within the industry.
Many companies, regardless of industry, believe they can do more to achieve diversity — the cybersecurity field is no exception. And keep in mind: diversity comes down to more than just hiring people of color or women. It requires thorough, comprehensive training, confronting inherent biases, and encouraging an inclusive work environment, to name a few examples.
Because of these barriers, it’s become increasingly challenging for minorities to enter the cybersecurity space. However, there’s so much value in achieving diversity. Having employees with different backgrounds allows different viewpoints and perspectives to be heard.
The benefits of a diverse workforce go beyond public perception and political correctness. Achieving diversity could mean better decision-making, improved employee engagement, and higher productivity levels.
Fighting Barriers in the Future
Overcoming industry barriers is not a straightforward process. However, when we acknowledge some of these challenges, we’re one step closer to pushing through them. The ultimate goal is for the cybersecurity industry to become more diverse from the top down.