Enhancing Information Security Through Diversity

Written by Eric Gneckow

DECEMBER 29, 2020

Since the first chief information security officer role was established in 1994, the demographic has largely remained the same: white, male, 40s-50s, with a background in IT. Establishing a diverse and inclusive workforce representing a balance of gender, demographics and backgrounds has long been a priority for many organizations. In information security, numerous data points show that achieving this goal for leadership roles and the security workforce at large can translate to more effective teams and a better security posture.

Outside of being a socially conscious business strategy, studies have proven that a diverse leadership team is more effective and innovative. In one recent example, companies that reported above-average diversity in their leadership teams also reported greater “innovation revenue” - 45% of revenue coming from initiatives launched within the past three years. In today’s fast-moving business environment, it’s not hard to see how those trends would translate to efficacy in the security function.

In recent years, there has been an ongoing discussion on the negative unemployment rate in the cybersecurity field and the difficulties organizations face in filling open positions. There is no singular solution to this problem, but research summarized through the World Economic Forum showed employers who focus on diversity and inclusion tend to be more desirable to Millennials - meaning that efforts to increase diversity could attract more applicants.

Room for Improvement

Despite the proven efficacy of diverse teams, the demographics of the CISO and those working in cybersecurity have remained largely the same for several decades. With an average of 130 days to fill an open information security position and the projected number of open positions expected to reach 3.5 million by 2021, recruiting strategies must pivot to fill these roles, and actively seeking diverse candidates may be an important piece of that puzzle.

Recent research shows that information security has a large opportunity to improve in this area. 26% of workers in the field identified as a racial or ethnic minority, and 14% were women. 

Within cybersecurity leadership, 62% of minorities reported they have obtained a master’s degree or higher. This is notable compared to the 50% reported by their white counterparts. This difference suggests that minorities are working harder to achieve leadership positions.

Creating a Pipeline

To promote a pipeline of diverse leadership, suggested strategies in the report include mentorship and training programs, executive leadership programs to promote advancement of women and minorities and company-wide recognition programs. 

Over the years, numerous CISO leaders involved in peer communities through Evanta, a Gartner Company, have expressed awareness that hiring practices for cybersecurity talent, such as a reliance on certifications and specific skills, could result in unconscious bias in recruiting. Addressing those concerns in partnership with human resources and recruiting could help improve the talent pipeline.

As most organizations have pivoted to a remote working environment, the demand for expanded cybersecurity programs is increasing. Businesses were forced to function remotely and found more success than expected. Looking forward, several security leaders in Evanta-supported communities have said there is an opportunity to leverage this knowledge to hire more diverse talent as open positions still need to be filled and location is no longer prohibitive, thereby expanding the pool.

Thinking outside the box when considering a candidate can also broaden the applicant pool and improve diversity. After all, cybersecurity is a skill that can be learned if given the right training.

“I always look for talent in odd spots, I’ve never been one to just look at past experience -- it’s whoever can do the best job,” said one CISO.

Looking to the future of diversity in the CISO role and security workforce, cybersecurity leaders can enhance the security of their enterprise, benefit from new ideas and fill open positions at a faster pace with a focus on diversity - a win-win scenario for those seeking employment and organizations struggling to fill critical roles.


Eric Gneckow

Director, Content at Evanta, a Gartner Company

