Professional development

Minorities in Cybersecurity: The Importance of a Diverse Security Workforce

Susan Morrow
May 30, 2018 by
Susan Morrow

In an earlier article, we looked specifically at the gender gap in cybersecurity. (1) This article will look more closely at the wider area of diversity - people from all walks of life, of all creeds, representing all ethnicities. The world is made up of peoples of many different backgrounds, and yet, our cybersecurity workforce does not reflect this diversity.

Information is Beautiful (2) have created a breakdown of “Diversity in Tech” which shows the disparity of employment in ethnic minorities in the technology sector. For example, across the board, Latino and Black employees are massively under-represented, with less than 10% of the workforce across many large organizations (this includes Facebook, Microsoft, and Salesforce).

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

In cybersecurity, this situation is perpetuated. Data from DataUSA showing the ethnic make-up of holders of the post of ‘Information Security Analyst’ demonstrates this clearly. DataUSA, found that in 2016, the workforce for this post was made up of 74% white employees, 11.9% black employees, and 7.9% Asian employees. (3)

A report by (ISC)2 found slightly better statistics for ethnic minority representation when viewed across a wider spectrum of cybersecurity employment - with 26% of the workforce coming from a minority group. (4) However, what the report highlighted that was of particular interest was that people from ethnic minorities who held managerial positions in cybersecurity were more highly qualified than their Caucasian counterparts. In terms of salary, there were also discrepancies. The report found that, on average, minority groups were paid less than their male Caucasian counterparts, with Black females fairing the worst.

Cybersecurity, perhaps more so than other areas of technology, is one requiring a multidisciplinary approach to a problem. The area of cybersecurity is one where problem-solving skills and a holistic view of a challenge is key to resolving an issue. Having a team made up of diverse individuals can only work to improve the outcome of that team.

And diversity in the workplace matters. A report by McKinsey found that companies with better minority employment records had a 35% greater financial return than the industry median (5). We should be embracing people from all walk of life and all ethnic origins to provide us with the creative thinking needed by the industry. Having a diverse workforce in the complicated area of cybersecurity will help us to take on the ever-changing set of challenges this area of our lives presents.

The Challenges of Minorities in Cybersecurity

The challenges experienced by those from a minority group in cybersecurity are felt most keenly in the areas of bias and discrimination, and the feeling of being disenfranchised.

Discrimination and bias: The ethnic minority gap in the tech industry has been shown to be widening. A report “The Illusion of Asian Success” looked at the challenges of Asians, Blacks, Hispanics, and minority women in the tech industry in Silicon Valley. (6) The report found that, although Asians were hired at a reasonable rate, they were less likely to progress up the career ladder than white men. The same was found for black men and women. Asian women fared worst, with a 66% under-representation in the tech industry. Discrimination and bias is not only preventing people entering the profession, but is also behind an exodus as shown next.

Disenfranchisement: In a study entitled “Tech leavers” by the Kapor Center for Social Impact, they found that almost 25% of under-represented minorities and women of color experienced stereotyping. They also found that 40% of Black, Hispanic and Native American men left their jobs due to unfairness and racism in the workplace. (7)

What Can Organizations Do To Encourage Cybersecurity Workforce Diversity?

There are a number of ways that an organization can redress the balance pitted against ethnic minorities in the workplace and in cyber security these include:

  1. Encourage diversity - actively encouraging a culture of diversity should be filtered down from the board level. Creating executive leadership programs is a good place to start this process. The company, as a whole, needs to encourage the recruitment and retention of persons from all walks of life, regardless of ethnicity.
  2. Mentoring: Having positive role models in the workplace is seen as one of the most effective ways of bringing ethnic minority staff into an organization and retaining them. This can be extended to reach out to universities.
  3. Build an inclusive culture: Strive to create a company ethos where voices are equally heard and given equal respect.
  4. Training programs for professional development: Training programs give people the skills to grow their career and their personal confidence. Confident employees are less likely to give up on their career.

Cybersecurity continues to challenge the best of us. The tricks and techniques employed by cybercriminals are themselves diverse and complex; they straddle the divide between technology and human factors. Having a workforce that pulls together multiple talents, experiences, and skills from across different cultures will help to build a more creative problem-solving approach to managing the cybersecurity problems we face. 

Resources for Ethnic Minority Employees in Cybersecurity

LinkedIn:

Conferences:

  • ICMCP National Conference, 17-19 September, 2018, Atlanta, Georgia: https://conference.icmcp.org/

Cybersecurity Scholarship Opportunities From InfoSec Institute

InfoSec Institute just launched a new cybersecurity scholarship program to help close the growing cybersecurity skills gap and encourage new talent to join the industry. It awards over $50,000 in training courses to four recipients each year. Valued at $12,600 each, the scholarships guide aspiring security professionals through a progressive career path.

Scholarships target underrepresented groups in cybersecurity (including women and minorities), and include certification exam vouchers to give recipients the skills, credentials and experience needed to secure a professional-level cybersecurity position. Selection criteria varies by scholarship, but exclusively focuses on those seeking a career in cybersecurity. Available scholarships include:

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Sources:

  1. Article on women in cybersecurity link here
  2. Information is Beautiful, Diversity in Tech: https://informationisbeautiful.net/visualizations/diversity-in-tech/
  3. DataUSA: https://datausa.io/profile/soc/151122/
  4. (ISC)2 , Innovation Through Inclusion Report: https://www.isc2.org/-/media/Files/Research/Innovation-Through-Inclusion-Report.ashx
  5. McKinsey, Why diversity matters: https://www.mckinsey.com/business-functions/organization/our-insights/why-diversity-matters
  6. Ascend: https://www.ascendleadership.org/page/research
  7. Kapor Center for Social Impact, Tech leavers: http://www.kaporcenter.org/tech-leavers/
Susan Morrow
Susan Morrow

Susan Morrow is a cybersecurity and digital identity expert with over 20 years of experience. Before moving into the tech sector, she was an analytical chemist working in environmental and pharmaceutical analysis. Currently, Susan is Head of R&D at UK-based Avoco Secure.

Susan’s expertise includes usability, accessibility and data privacy within a consumer digital transaction context. She was named a 2020 Most Influential Women in UK Tech by Computer Weekly and shortlisted by WeAreTechWomen as a Top 100 Women in Tech. Susan is on the advisory board of Surfshark and Think Digital Partners, and regularly writes on identity and security for CSO Online and Infosec Resources. Her mantra is to ensure human beings control technology, not the other way around.