3 minute read
DIVERSITY IS NOT ONLY AN ETHICAL ESSENTIAL: YOUR BOTTOM LINE DEPENDS ON IT
by Ginger Spitzer, Executive Director, ISACA One In Tech
Inclusive workplace cultures foster a more diverse workforce
It is increasingly apparent a global cybersecurity skills shortage persists, and we do not have sufficient talent to fill the rapidly increasing number of available positions. ISACA’s survey report, State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyberoperations, showed 63 percent of organisations having unfilled cybersecurity positions, an increase on the previous year. Furthermore, 82 percent of respondents predicted demand for technical cybersecurity roles, and for cybersecurity management roles in particular, would increase in 2023.
While the skills shortage is a significant challenge that places organisations in vulnerable security positions, we must also see the hiring blitz as an opportunity to increase diversity in the sector. A more diverse workforce is more innovative and more productive, and these attributes have a positive effect on an organisation’s bottom line.
Enabling Career Pivots
Empowering and resourcing individuals to move into cyber careers requires a collective effort that, fortunately, is becoming more common. Necessity has, thankfully, allowed organisations to ‘look outside the box’ for talent, and a wonderful aspect of cybersecurity is that individuals with certain attributes, regardless of the sector they currently work in, may be suited to a career in cybersecurity.
We have seen many excellent cybersecurity professionals pivot from other sectors including health, law enforcement, military, other IT-adjacent fields, or studying seemingly unrelated subject in the humanities such as World Language, Literature, or History.
Over the past few years there has been an increase in partnerships between non-profits, professional organisations, academic institutes, corporations, foundations and governments to address the skills shortage and build the cybersecurity workforce.
This is a positive step, because it will take a collective of partners to train and resource untapped talent and to ensure individuals have strong pathways and placement opportunities.
Interestingly, ISACA’s State of Cybersecurity 2022 report indicated the greatest skills shortage in cybersecurity (54 percent) to be in soft skills: communication, flexibility and leadership.
Specifically, ISACA highlighted the top five soft skills needed as being communication-listening and speaking skills (57 percent); critical thinking (56 percent); problem-solving (49 percent); teamworkcollaboration and cooperation (44 percent); attention to detail (38 percent).
Many women naturally bring these attributes to the table and find the transition to cybersecurity more seamless than often anticipated, because they are capable in these life skills.
Building Diversity
Years of individuals being excluded because of bias and other factors have created a tech workforce with very little diversity, and the exclusion of various cohorts negatively affects technology development, because it is necessary to have multiple perspectives (gender, cultural, ability, age, etc.) driving technology innovation to ensure the outcomes are applicable to all users.
There are many non-profits and other organisations dedicated to building diversity as well as inclusion in the cybersecurity workforce. This includes well-known organisations such as Women in Cybersecurity (WiCyS), the International Consortium of Minority Cybersecurity Professionals (now Cyversity), the International Organization of Black Security Executives; Women in Security and Privacy; Minorities in Cybersecurity; and many other country-specific organisations including the Australian Women in Security Network.
ISACA Foundation One In Tech was launched three years ago to promote diversity through scholarships, programs, events and community. While many corporations provide resources to build diversity internally, which is a positive step, inclusion must also be prioritised because the two go hand-in-hand. Organisations can find retaining a diverse workforce challenging if inclusion is not part of the culture or DNA of the company.
One in Tech is successfully removing barriers to ensure all individuals receive equitable access to begin and advance their careers in cybersecurity.
SUPPORTING THE CHANGE-MAKERS
Employers are the key to increased diversity. While mentoring, training programs, resources and all types of support offered to under-represented populations are valuable, focusing on those who are excluded puts the onus on them to change the status. However, the only way to truly change is to ensure corporations understand the critical need for diversity not only as an ethical issue but as a business case. Diverse employee teams are far more innovative and productive, and company profits increase with increased diversity.
As Esanju Maseka, an audit professional who assesses governance over cybersecurity controls, and a member of the ISACA Emerging Trends Working Group based in Melbourne, says: “Cyber teams have a broader perspective of vulnerability scenarios to consider as they plan defence tactics or strategies. Diversity allows for different skillsets to be brought to the table. It prevents omission errors in detection or protection software because attributes of a larger pool of individuals can be included.” www.linkedin.com/in/vspitzer www.linkedin.com/in/esanju-maseka-2b022852
The ISACA State of Cybersecurity survey also found 30 percent of security professionals surveyed leaving their job because of poor workplace culture and environment, and eight percent leaving because of a lack of workplace diversity.
These are significant numbers that must be addressed by company-wide decision-making and a change in culture.
