DEI Recruiting Strategy: Why Is It Crucial in Cybersecurity?

A Lack of Diversity in Staff Is Damaging to Your Security

Cybersecurity is crucial in a world where hackers are becoming increasingly sophisticated and determined to steal your data. Yet it’s tough to hire the right people. Demand for professionals in the industry is multiplying, but there is an acute talent shortage to fill positions.

Equally concerning is the lack of diversity in our industry.

Could a more effective DEI recruiting strategy help to close the skills gap that threatens to expose your business to unnecessary cybersecurity risks and improve your recruiting in a candidate-driven market?

ISACA Once More Exposes the Growing Talent Gap in Cybersecurity

In its State of Cybersecurity 2022 Global Update on Workforce Efforts, Resources, and Cyberoperations report, ISACA has found that ‘staffing levels, ease of hiring and retention remain pain points across the globe.’ Key findings include:

  • Enterprises are in a battle to retain cybersecurity staff
  • 63% of respondents report unfilled cybersecurity positions
  • Soft skills and cloud computing skills are the two top skills gaps
  • To address skills gaps, companies are training employees and using contractors and consultants

It is becoming more challenging to hire and retain required skills in cybersecurity roles.

The cybersecurity workforce is growing. There are currently around 1.1 million cybersecurity professionals in the United States. But get this: if all vacant cybersecurity jobs were filled tomorrow, that number would jump to more than 1.8 million, according to jobs data from CyberSeek.

The Industry Is Failing in Diversity

On the face of it, and as discussed in the Innovation through Inclusion Study, diversity in cybersecurity is ahead of the average for U.S. workforces. Minority representation is 26% versus the overall U.S. minority workforce of 21%. However, this masks some damaging statistics.

For example, the employment of racial or ethnic minorities is concentrated in non-management roles. The percentage who hold a role as a director or higher is far below the average in the wider workforce. And of those who do hold senior roles, 62% have obtained a master’s degree or higher, compared to 50% of Caucasian professionals in similar positions – indicating that companies set a higher bar for minority employees to climb the ladder.

Average salaries in cybersecurity show a similar disparity but also a bias toward males:

  • Caucasian males earn an average of $124k
  • Males of color earn an average of $121k
  • Caucasian females earn an average of $121k
  • Females of color earn an average of $115k

In its report on DEI in cybersecurity, Aspen Digital finds that minority groups are making up an increasingly smaller proportion of the industry. And even women – a group that can hardly be called a minority, constituting 51% of the United States population – are poorly represented: only 24% of the cybersecurity workforce is female.

Poor DEI Recruiting Strategy in Cybersecurity Is Asking for Trouble

OK, not only does the lack of diversity in the cybersecurity workforce raise questions about values and hiring practices within the industry, but it also doesn’t acknowledge that performance in cybersecurity could vastly improve with a more open and welcoming hiring strategy.

Our digitally connected world is fully reflective of our societal mix. Those who use and interact with the internet fully represent minority groups, different walks of life, and different educational backgrounds. They are fully diverse in their culture, gender, privileges, education, and mindsets. Yet the makeup of the cybersecurity workforce does not reflect this.

Therefore, how cybersecurity teams think about cybersecurity is restricted in a way that external players aren’t. It lacks thinking outside the box. And that’s dangerous because our cybersecurity innovation is therefore limited. We’re less likely to consider potential issues before they occur. This means that instead of being proactive and ahead of cybercriminals, we risk remaining reactive and continually a step behind.

Companies that have adopted effective DEI policies have found greater success in thwarting cyberattacks. They have benefitted from the differing backgrounds, insights, and knowledge that a diverse workforce with non-traditional thinking brings to the table.

Here are questions for you to ponder:

  • What is most important to you when you next hire for a cybersecurity role?
  • Should you hire for traditional skillsets or for insightful, diversified thinking?
  • Does your current team benefit from a strong DEI strategy, or is it restricted in its culture and narrow representation of society?

In future articles, we will examine DEI issues in finance firms, and we will also discuss ways in which you can improve your DEI strategy in cybersecurity. In fact, come ask us about our CyDEI project!

Meanwhile, we hope we have given you some food for thought. Indeed, we’d love to hear your thoughts. Get in touch and let us know what you’re thinking.
