TL;DR
- Diverse cybersecurity teams make better decisions and drive stronger business outcomes.
- Early, equitable cybersecurity education helps open doors for underrepresented communities.
- Industry jargon and elitist language can alienate new talent — use clear, relatable communication.
- Practical, real-world training makes cybersecurity more relevant and approachable.
- Cybrary supports inclusive, hands-on learning to help build a more diverse cybersecurity workforce.
A diverse workforce is a stronger, more effective workforce. Study after study confirms this fact. Companies that prioritize diversity, research shows, regularly make more informed and accurate decisions. They also perform better, sometimes bringing in as much as 36 percent more money than more homogeneous teams, according to McKinsey. Other studies have even found that diverse companies produce less turnover.
Despite these benefits, the cybersecurity and IT industry has historically suffered from a distinct lack of diversity. Although there are signs that this is slowly changing — ISC2 found that 66 percent of cyber professionals who joined the field in the past year were not white — recent data shows that minorities represent only a small portion of the cybersecurity workforce. Black and Hispanic professionals, for example, make up only 11 and 12 percent, respectively.
Obviously, there remains much work to be done. But what can organizations actually do to increase diversity in their workplace?
Start cybersecurity education early
Effective outreach is often at the heart of diversity initiatives. After all, the reason why a workforce lacks diversity, whether racial or gender, can be traced to a lack of access. But for Maurice Gibson, Vice President of Product and Operations at CyberForward, basic outreach isn’t enough to solve such a systemic issue. Instead, schools and companies need to ensure that underrepresented groups get this access early.
“There’s a socioeconomic aspect to this,” he said. “Statistically, the earlier you show someone something, the more likely they are to get into the industry. So we need to bring cybersecurity education to students as early as possible and make it as equitable as possible.”
What can companies do on the ground to help promote this? For one, Gibson said, they need to make cybersecurity education more accessible. As an example, he highlighted how companies like Fortinet are already offering free courses for K-12 students, an initiative more companies should follow. Alternatively, they could support organizations like Hack the Hood, which offer a variety of free technical education to underserved groups.
Get rid of the elitism
Another important way of opening up the cybersecurity industry (and perhaps even the tech industry as a whole) is to pay attention to how we speak about it. For too many companies and individuals already in the cybersecurity space, it has become all too commonplace to use language that can be off putting to those outside — which is the last thing we should be doing.
“We talking about red teaming, botnets, DLP, SOAR, SIEM, and IPSs and other industry jargon.” said Gibson. “People don’t know these acronyms, and often feel ‘othered’ before they have had an opportunity to understand the basics. We then expect them to want to enter our industry.”
In other words, language matters, so we should be paying more attention to how we use it. When attempting to attract new entrants into the industry, why not instead try to make cybersecurity more relatable? For instance, talking about defense in depth could be as simple as relating it to locking your phone in the car and your car in the garage. “That’s a relatable example that most people could understand,” said Gibson.
“Cybersecurity can’t be that thing over there. We have to talk about it as part of who we are, as part of what we do. We need to make it ubiquitous.”
Make learning more pragmatic
Building more effective pathways to the cybersecurity industry for minorities should also mean going beyond language and actually making education more applicable to the real world. With nearly 20 years of experience in education, on top of his current role, Gibson highlighted how this point for him is personal.
“My approach to cybersecurity has often been practical,” he said. “That’s because the number of people who look like me in the industry has not always been big. So I’ve had to think about how I can get people who look like me to understand cybersecurity.”
Gibson pointed out how the vast majority of breaches can be traced back to users — a fact that shows how many people don’t realize the connection between cybersecurity and their daily habits. To solve this and pique interest in a field they may not otherwise have, we must instead do a better job of showing how, like it or not, we are all affected by cybersecurity.
“We need to make that connection,” he said. “That way, education around cybersecurity will become more relatable, more realistic, and more useful. And more people will want to start a career.”
Broaden the reach of your cybersecurity education
Want to bring in more diverse talent? Interested in making your cybersecurity educational initiatives more appealing for more people? Building out practical, real-world cybersecurity knowledge is a cornerstone of the Cybrary approach. Our course work and labs are designed with realistic scenarios in mind in order to prepare our users for successful careers. Check out our full catalog to see what we can offer you.
