June has long been an important month for the LGBTQ community. In 1969, the Stonewall Uprising in New York represented a turning point for the Gay Liberation Movement. As a result, the last Sunday of June (the date the uprising took place) was originally celebrated as ‘Gay Pride Day’ across the United States.
Since then, this has grown to include a series of events throughout June celebrating diversity. Today, celebrations include Pride parades, parties, concerts, and even workshops. June is therefore a month that represents an opportunity for all to reflect on how we are contributing to building a more equal, just society.
For those of us in the cybersecurity field, it’s time to recognize a perennial problem once again: our industry has not yet managed to embrace the value of diversity to the extent other industries have.
This is a big issue with no easy solutions. In this article, we explore how security firms and individual teams can start to build real diversity, from the hiring process onward. Start to implement these tips today, and by the time the next Pride Month rolls around in June 2022, your organization may be more diverse – and more successful for it.
Why Tech is Lacking in Diversity
Despite initial progress, the cybersecurity industry – and STEM field at large – remains overwhelmingly white, male, and heterosexual. Tech companies are well aware of this, and many have taken steps to address diversity issues. But efforts often amount to little more than marketing ploys or PR stunts, leaving minority cybersecurity experts wondering when we’ll see substantive change.
To give one example, Facebook and Microsoft posted about this Equal Pay Day showing that they now pay men and women the same salary for the same role. Yet Facebook’s global workforce remains 63% male, while Microsoft’s workforce stands at 71% male, according to their most recent Diversity and Inclusion reports.
These numbers are on par for the course in the technology sector, while many companies are much worse. It seems more than a touch short-sighted when one considers that companies with more balanced teams of ethnicity and gender, have repeatedly proven to perform more effectivelythan companies that do not.
In short, the cybersecurity sector still has significant challenges to overcome, and hiring a truly diverse workforce is one. So, how can cyber firms and security teams take steps toward greater diversity?
1. Embrace Remote Hiring
Look at how the world has changed over the last 12 months, and think about how this digital evolution can help your business. One of the biggest developments in the last year has been the noteworthy increase in the number of people working remotely or from home.
Hiring remote workers corporations offers several advantages. One of these may be obvious: it can be more affordable for your business. The average freelance remote worker in the U.S. today charges less than $50 an hour for their services. Many of these professionals are highly experienced from working full time at companies in their respective industries before the pandemic; the tradeoff for them is more flexibility in terms of the hours they work, which may help them juggle family life.
But just as importantly, the rise of remote work has also created significant opportunities for teams looking to become more diverse. Hiring freelancers and other remote workers also gives you a much bigger pool of talent from which to draw.
Similarly, consider using remote work tools during the interview process. Many introverts (which is a lot of us tech nerds) find traditional hiring practices intimidating when we must sit in front of a panel of interviewers and talk about ourselves. Consider appealing to talented introverts by making use of popular platforms like HireVue which allow applicants to record their interview responses.
2. Reaching Diverse Communities
Making the right choice between interviewees is only part of the battle. You can only employ people who actually see your job ads, and as a community, the cybersecurity world can be a fairly insular one. It can be tempting to think that valuable employees can only be found among an elite group of technical experts on membership-only tech-hiring boards, but the reality is the majority of what we do can be learned on the job with dedication combined with technical aptitude and strong mentorship.
One of the most effective ways to improve diversity in cybersecurity teams is simply to post job ads in non-traditional places, including local job boards and online forums accessible to all, such as LinkedIn and even your company’s social media. If you post jobs exclusively on sites that require paid memberships, you are likely to attract a very shallow pool of candidates to choose from.
Alongside this type of outreach, take advantage of other programs designed to foster diversity in the industry. For example, there are many events for women in cybersecurity that give access to highly-motivated professionals who could be your next hires. Recruiting at university job fairs is another great option which can help you bring onboard fresh talent that you can mentor.
3. Humanize HR
Look at the way candidates experience your HR department. Since this will likely be the first department they deal with in your organization, the way this interaction progresses can say a lot about you as a company. Educate your HR department and hiring team about issues like unconscious bias in the hiring process, and the role that clear and regular digital communication plays in the way your company communicates with candidates – both those who you choose to hire, and those who may not make the cut this time. Since cybersecurity is a smaller world than you’d think, a short email letting an applicant know the outcome of their job interview may influence whether or not they decide to reapply for a job with your company in years to come when they have more experiance, and more value to contribute to your company culture.
On that note, artificial intelligence (AI) can offer numerous benefits in data science, automation, and administrative tasks. But if you use AI in hiring, such as common Applicant Tracking Systems, be cognizant of bias in those systems as well. AI is created by humans, and humans are often biased without realizing it. The first step to increasing diversity is recognizing bias – in your own mind and in your hiring algorithms – so you can take steps to eliminate it.
4. Look for Ability Over Experience
Review the way your job descriptions are written and structured. Chances are they contain a very long list of ‘required skills,’ which are probably of limited utility on the job, and may even be inaccurate or outdated. Putting a laundry list of requirements on a job ad can really limit the quality of candidates you see because many of them will think there is no point applying.
Instead, look for ability rather than strictly-defined skills. Employees who have founded their own companies, for example, may be much more valuable than those who have simply done dozens of generic online courses. This is especially true when it comes to minorities who have been brave enough to do so. Research indicates only 17% of founders in the fintech sector are female. In the venture capital sector, things look even worse at just 3%.
This needs to change, and you can be on the front end of hiring smart, capable candidates who bring diverse ideas to your company. If you spot someone who is from an under-represented minority and has also been successful in business, snap them up straight away. Don’t waste time asking if they’ve held a position for the ‘7-10 years’ listed on your job portal. New ideas from different backgrounds are important too.
5. Keep an Open Mind
Finally, keep an open mind when it comes to looking through resumes and interviewing. The nature of employment today means that many of your ingrained ideas about what constitutes a great resume may be a little out of date. A good example of this is employment gaps in candidate work histories.
A decade ago, having a lacuna – as many have experienced during the pandemic – would cause a problem in getting hired. Today, a so-called work gap of this type could appear because a potential employee was raising a child or taking a career sabbatical to further their studies. Skills learned outside the industry can be just as useful as those learned on the job, so these gaps should no longer be looked down upon or called out in an interview.
Also, consider different types of diversitywhen hiring. Diversity is not just a box to check off – think about the identities you can’t see. People who are differently abled (for example, those with autism or speech impediments), may struggle significantly with in-person interviews. But this doesn’t mean these applicants wouldn’t be a great fit for your company in different types of roles.
Ultimately, diversifying your hiring practices is not just about creating a fairer workplace. Rather, it’s about making the most of the talent available to you. Research suggests there could be a shortage of as many as 3.5 million professionals in the cybersecurity industry this year, yet only 34% of U.S. job listings include an equal opportunity statement.
Take these two statistics together, and you’ll immediately see the problem here is actually twofold. Be a company that takes substantive steps to increase diversity, and not a company who merely uses diversity as a publicity stunt.