All My Stripes: The New Business Imperative of LGBTQ+ Inclusion
“Don’t talk, just act. Don’t say, just show. Don’t promise, just prove.” -Hiroko Tsuchimoto
As another LGBTQ+ Pride month comes to a close and I look back at the rainbow striped logos companies used on their websites, I take pause to look back at what progress has been made over the last year for our community. This year was the first I can recall where stains were left on the celebration of Pride month by our own president when he denounced the workplace protection law passed by the Supreme Court and his reversal of Obama-era healthcare protections of transgender individuals on the anniversary of the Pulse nightclub massacre where 49 people were killed.
What have businesses who’ve redesigned their logos with a rainbow done to help advance the representation of LGBTQ+ minorities in their own companies? Is it just PR for these companies or do they really understand the unique perspectives the LGBTQ+ community brings to decision-making and advancements in IT?
More importantly, what have I done?
As a lesbian, transgender person, and woman, I’ve been up against all three similar stereotypes and unconscious and conscious biases in cybersecurity. From men thinking I’d sleep with them for a signed contract to someone not wanting to do business with a company run by a trans-person — I’ve seen it all.
I’ve been working in cybersecurity for over 20 years and it’s time I take pause to ask myself what I’ve done to help further the LGBTQ+ community and do my part in making a positive impact on LGBTQ+ lives. I’m sad to say I could have and should have done more. I will do more. The fact of the matter is, I’ve never wanted to be seen as a “beautiful trans woman” -- just a “beautiful woman.” So those who follow me on social media know I rarely, if ever, talk about trans issues. I never wanted it to be a part of my narrative. That’s not to say I’m embarrassed about being trans; quite the contrary, I’m proud to have been blessed to have lived in two separate bodies, to live my life as two different sexes. However, as many know, gender is different than sex assignment at birth. For those who aren’t familiar with what it means to be trangender, it’s different than being a cross-dresser, which is someone who likes dressing in the clothes of the opposite gender. Being transgender is literally being born with the wrong sex assignemnt at birth. In short, transgender individuals are born with the brain of the opposite sex than what they are assigned at birth. So in my case, I was born with a female brain in a male body. I transitioned in 2008 from male to female when I was 29. Since then, I’ve lived my life full-time as a woman. However, I wasn’t prepared for how my professional life would radically transform in going from a male knowledge worker to female. The wage disparity, being passed up for opportunities by male colleagues with the same level or less experience...all of this is true. These were all things I did not experience in my former skin.
The fact that cybersecurity is a “good ‘ol boys club” has been a frequent reminder for me. I recall recently when I was in a meeting with a vendor who asked me when “my boss” would be in, assuming I was “his” EA and there to take notes and not realizing I was the Group CEO of the company.
The problem is exacerbated on social media in recent tweet storms where men thought it would be appropriate to say that women have no interest in cybersecurity. Their opinions were that we as women prefer to be homemakers, changing diapers and making dinners instead of writing buffer overflows. His opinion was that cybersecurity was “too fast-paced” for women. My rebuttal to that sexist tweet went viral.
As more studies are published on this very question, such as the diversity study of 4,277 companies in Spain which found that diversity can increase the efficacy and innovation of teams, the unique perspectives that underrepresented minorities bring and that directly impact a business’ bottom line is clear. This study found that women (gay or straight) were more likely to introduce radical new innovations into the market over men, underscoring more empirical evidence to the business imperative of companies being more inclusive and giving more women representation in the board room.
While there is no empirical data published on the advantages of having LGBTQ+ team members in a company, I can attest to my own experiences of hiring an entire women-led organization at Brier & Thorn and the unique perspectives women, as well as our LGBTQ+ team members, bring to problem solving.
The LGBTQ+ community has been persecuted, abused, and even killed for being who we are for decades. Until someone is strung up and hung from a tree or tied to the back of a car and dragged for being straight (all things LGBTQ+ persons face on a daily basis), our straight peers in the workplace will never understand what it’s like to walk a mile in our shoes. I opine that this is the reason we in the LGBTQ+ community work so hard to prove how people with conscious and unconscious biases see us.
I’ve been asked so many times “why do gay people need a parade, it’s not like straight people have a parade?” Until you can be passed up on a job or even killed for being straight, I believe this question will continue to pervade global societies until the end of time. It’s my opinion that businesses and cybersecurity teams alike can benefit greatly by not only diversifying genders across teams but also sexual orientation and attempting to not only implement equity, but also inclusion. Whereas equity seeks specifically to ensure fair treatment, inclusion builds a culture of belonging by welcoming the contribution, participation and experiences of all people.
Another study looked at the profitability across 20,000 firms in 91 countries. This study found that companies with more female executives than men were shown to be more profitable than companies with male majorities in their C-suite. But while women, racial minorities, and people with disabilities have been studied closely in their under-representation in cybersecurity, what about LGBTQ+ individuals?
According to recent studies, negative interactions in the workplace experienced by LGBTQ+ employees are costly to businesses. Employees who experience negative touch points in the workplace are 40% less productive and 13 times more likely to quit their jobs.
Companies must get ready for the new workplace norms expected by millennials and Gen-Z employees who will now make up a majority of their headcount. This new generation of straight workers care viscerally about inclusion and advocating for it for their LGBTQ+ peers, more so than previous generations. According to a recent study by BCG, there are clear numbers that speak volumes in the important distinction between diverse hiring initiatives, where companies hire employees from different backgrounds, and inclusive hiring initiatives, where companies hire employees who feel free to bring their authentic selves to work. Such a discrepancy carries steep financial costs to companies who get it wrong.
This study concluded that LGBTQ+ employees who are “out” in the workplace feel psychologically safer, take more creative risks, and feel more empowered to speak up. Hiding this critical part of themselves results in an employee unable to do their best work as evidenced in the chart below:
SOURCE: BCG LGBTQ employees employee survey 2020.
There is now a staggering amount of new data being published every year on the business imperatives of companies getting this inclusion right.
When companies even the playing field for LGBTQ+ employees in both lower and upper ranks at their company, up to and including in the boardroom, it results in a more engaged workforce, less attrition, stronger and more impactful innovation, and improved financial performance. The lens created by the unique life context and experience of LGBTQ+ individuals is one that no business can afford to do without, regardless of whether their logo is redesigned with rainbow stripes every June or not.
A list of LGBTQ+ Cybersecurity, IT and tech resources
- Out in Tech
- Lesbians Who Tech
- LGBTQ in Technology
- Trans*H4CK
- Queer Coders
- GLEAM
- TransTech Social Enterprises
- Start Out [resource for LGBTQ+ entrepreneurs]
- Queer Tech Meetup NYC (New York City, NY)
- Queer Tech Club (Chicago, IL)
- LGBTQ in Tech (Austin, TX)
- 12 pre-built training plans
- Employer-requested skills
- Personalized, hands-on training
In this Series
- All My Stripes: The New Business Imperative of LGBTQ+ Inclusion
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security