Minorities in Cybersecurity: The Importance of a Diverse Security Workforce
In an earlier article, we looked specifically at the gender gap in cybersecurity. (1) This article will look more closely at the wider area of diversity – people from all walks of life, of all creeds, representing all ethnicities. The world is made up of peoples of many different backgrounds, and yet, our cybersecurity workforce does not reflect this diversity.
Information is Beautiful (2) have created a breakdown of “Diversity in Tech” which shows the disparity of employment in ethnic minorities in the technology sector. For example, across the board, Latino and Black employees are massively under-represented, with less than 10% of the workforce across many large organizations (this includes Facebook, Microsoft, and Salesforce).
In cybersecurity, this situation is perpetuated. Data from DataUSA showing the ethnic make-up of holders of the post of ‘Information Security Analyst’ demonstrates this clearly. DataUSA, found that in 2016, the workforce for this post was made up of 74% white employees, 11.9% black employees, and 7.9% Asian employees. (3)
A report by (ISC)2 found slightly better statistics for ethnic minority representation when viewed across a wider spectrum of cybersecurity employment – with 26% of the workforce coming from a minority group. (4) However, what the report highlighted that was of particular interest was that people from ethnic minorities who held managerial positions in cybersecurity were more highly qualified than their Caucasian counterparts. In terms of salary, there were also discrepancies. The report found that, on average, minority groups were paid less than their male Caucasian counterparts, with Black females fairing the worst.
Cybersecurity, perhaps more so than other areas of technology, is one requiring a multidisciplinary approach to a problem. The area of cybersecurity is one where problem-solving skills and a holistic view of a challenge is key to resolving an issue. Having a team made up of diverse individuals can only work to improve the outcome of that team.
And diversity in the workplace matters. A report by McKinsey found that companies with better minority employment records had a 35% greater financial return than the industry median (5). We should be embracing people from all walk of life and all ethnic origins to provide us with the creative thinking needed by the industry. Having a diverse workforce in the complicated area of cybersecurity will help us to take on the ever-changing set of challenges this area of our lives presents.
The Challenges of Minorities in Cybersecurity
The challenges experienced by those from a minority group in cybersecurity are felt most keenly in the areas of bias and discrimination, and the feeling of being disenfranchised.
Discrimination and bias: The ethnic minority gap in the tech industry has been shown to be widening. A report “The Illusion of Asian Success” looked at the challenges of Asians, Blacks, Hispanics, and minority women in the tech industry in Silicon Valley. (6) The report found that, although Asians were hired at a reasonable rate, they were less likely to progress up the career ladder than white men. The same was found for black men and women. Asian women fared worst, with a 66% under-representation in the tech industry. Discrimination and bias is not only preventing people entering the profession, but is also behind an exodus as shown next.
Disenfranchisement: In a study entitled “Tech leavers” by the Kapor Center for Social Impact, they found that almost 25% of under-represented minorities and women of color experienced stereotyping. They also found that 40% of Black, Hispanic and Native American men left their jobs due to unfairness and racism in the workplace. (7)
What Can Organizations Do To Encourage Cybersecurity Workforce Diversity?
There are a number of ways that an organization can redress the balance pitted against ethnic minorities in the workplace and in cyber security these include:
- Encourage diversity – actively encouraging a culture of diversity should be filtered down from the board level. Creating executive leadership programs is a good place to start this process. The company, as a whole, needs to encourage the recruitment and retention of persons from all walks of life, regardless of ethnicity.
- Mentoring: Having positive role models in the workplace is seen as one of the most effective ways of bringing ethnic minority staff into an organization and retaining them. This can be extended to reach out to universities.
- Build an inclusive culture: Strive to create a company ethos where voices are equally heard and given equal respect.
- Training programs for professional development: Training programs give people the skills to grow their career and their personal confidence. Confident employees are less likely to give up on their career.
Cybersecurity continues to challenge the best of us. The tricks and techniques employed by cybercriminals are themselves diverse and complex; they straddle the divide between technology and human factors. Having a workforce that pulls together multiple talents, experiences, and skills from across different cultures will help to build a more creative problem-solving approach to managing the cybersecurity problems we face.
Resources for Ethnic Minority Employees in Cybersecurity
- International Consortium of Minority Cybersecurity Professionals (ICMCP): dedicated to the academic and professional success of minority groups in cybersecurity.
- Hispanic IT and IT Security Professionals Network
- Blak Cyber (note this is not misspelled)
- International Consortium of Minority Cybersecurity Professionals (ICMCP)
- Women and Minorities in Cybersecurity
- ICMCP National Conference, 17-19 September, 2018, Atlanta, Georgia: https://conference.icmcp.org/
Cybersecurity Scholarship Opportunities From InfoSec Institute
InfoSec Institute just launched a new cybersecurity scholarship program to help close the growing cybersecurity skills gap and encourage new talent to join the industry. It awards over $50,000 in training courses to four recipients each year. Valued at $12,600 each, the scholarships guide aspiring security professionals through a progressive career path.
Scholarships target underrepresented groups in cybersecurity (including women and minorities), and include certification exam vouchers to give recipients the skills, credentials and experience needed to secure a professional-level cybersecurity position. Selection criteria varies by scholarship, but exclusively focuses on those seeking a career in cybersecurity. Available scholarships include:
- Women in Cybersecurity Scholarship
- Diversity in Cybersecurity Scholarship
- Military Cybersecurity Scholarship
- Undergraduate Cybersecurity Scholarship
- Article on women in cybersecurity link here
- Information is Beautiful, Diversity in Tech: https://informationisbeautiful.net/visualizations/diversity-in-tech/
- DataUSA: https://datausa.io/profile/soc/151122/
- (ISC)2 , Innovation Through Inclusion Report: https://www.isc2.org/-/media/Files/Research/Innovation-Through-Inclusion-Report.ashx
- McKinsey, Why diversity matters: https://www.mckinsey.com/business-functions/organization/our-insights/why-diversity-matters
- Ascend: https://www.ascendleadership.org/page/research
- Kapor Center for Social Impact, Tech leavers: http://www.kaporcenter.org/tech-leavers/