Why CISOs should prioritize DEI initiatives in 2023


Editor’s note: This article is from MK Palmore, director of the office of the CISO at Google Cloud. If you would like to submit a guest article, you can submit it here.  

With recent cyberattacks against organizations of all sizes and governments alike, the importance of sharpening cybersecurity across sectors has been recognized globally as a top concern.

However, according to research published by security industry nonprofit ISC(2), while the global cybersecurity workforce added 464,000 jobs over the past year, there is still an employment gap of more than 3.4 million positions. While cybersecurity remains one of the most critical challenges organizations are facing, roles continue to go unfilled. 

So, how do we address this disparity? One solution is to prioritize diversity, equity and inclusion, and recognize how it can impact an organization’s security posture for the better. 

While some industry professionals actively pursue diversity in tech, the numbers show that the majority of security teams fail to put ideas around DEI into practice. Recent findings from the Aspen Digital Tech Policy report note only 4% of cybersecurity workers self-identify as Hispanic, 9% as Black, and 24% as women. Collective cybersecurity ultimately depends on having a diverse, skilled workforce that can implement and transform it. 

As leaders align on their focus for 2023, CISOs should prioritize increasing diversity on their teams and finding new ways to reach untapped talent.

Why DEI matters for CISOs and the cybersecurity industry overall

Software supply chain security remains a critical national security risk. Financially motivated attacks like ransomware have been studied and documented for decades. Distributed denial-of-service (DDoS) attacks are increasing in frequency and growing in size.

Threat actors continue to act on poor cyber hygiene and use social engineering to capitalize on our own human vulnerability. 

These are just a few of the top concerns across our industry and yet, while these issues are top of mind and widely agreed upon, the solutions to these challenges over the past few decades remain the same.

This is why diversity in cybersecurity is so critical. CISOs need to stop thinking about how we can solve cybersecurity issues in a silo, and instead consider how embracing diverse perspectives may prompt more creative solutions.

Different mindsets can bring new and better solutions to the table that can mitigate advanced cyberthreats. In security, we work to solve complex problems that often don’t have a clear solution. Addressing the diversity issue in cybersecurity will help us move to the next stage of security itself. 

As cyberattacks increase in frequency and complexity, organizations need unique ideas to detect and defend against emerging threats. Organizations need to embrace individuals from non-traditional talent pools to stay one step ahead.

With new talent comes new ideas and solutions – and embracing perspectives from people with different backgrounds will help organizations anticipate future threats, build solutions in preparation, and avoid potential large-scale attacks.

What can CISOs do to move the diversity needle? 

There are several steps security leaders can take to increase diversity, equity, and inclusion in their organizations this coming year and beyond. 

Hiring managers need to widen the lens.

We must broaden the scope in which talent is identified. This starts with building job descriptions that provide more detail, and are focused on the requirements necessary for success in the role.

Is a traditional four-year college degree necessary, for instance? Challenge the listed bullet points.

The interview process should not just focus on the technical skills a candidate might have, but also take into account a candidate’s level of interest and overall aptitude to be successful.

Doing so allows non-traditional applicants – like those making a career change – to be considered for roles where they bring experience and innovative thinking that may not have traditionally been considered.

Organizations must embrace ongoing training and employee development.

Industry leaders need to build training programs that are targeted for their existing workforce but also provide assistance for those wanting to break into the industry.

Training shouldn’t stop after the initial onboarding process, or be closed off to members of the security organization. We must be open to implementing training and development programs that can help anyone sharpen their cybersecurity skillset, no matter their level of proficiency.


