We are struggling to contain an invisible enemy: cyber-attacks that can bring down businesses, utility grids, medical systems, even national economies. Yet we are unnecessarily handicapping our defense systems. Why? We have not deployed the full range of talent and brain power at our disposal. Only a quarter of cyber workers are women – and only 4% identify as Hispanic and 9% as Black.
Research increasingly shows that diverse teams grow better, perform better, deliver better, and build better products. A McKinsey study found that companies with greater gender diversity are more likely to see higher financial returns. “More diverse companies are better able to win top talent and improve their...decision making,” the authors write, “and all that leads to a virtuous cycle of increasing returns.
Yet, as the Aspen Institute has noted: “The [cyber] field remains remarkably homogeneous, both among technical practitioners and policy thinkers, and there are few model programs or initiatives that have demonstrated real progress in building diverse and inclusive teams.”
This is a wakeup call that, as an industry, we need to do more. To start, we need to develop more effective recruitment programs. Industry leaders need to understand – and address – cybersecurity’s reputation as a field that is often intimidating and difficult to enter, especially for women and people of color.
It doesn’t have to be that way. For example, potential applicants often assume our jobs require at least a computer science degree. In fact, there are plenty of cybersecurity careers that are suited to a completely different educational background and training – such as business skills and the ability to monitor workflows.
Threat hunting typically involves scouring the internet – a research skill; while vulnerability management requires a knowledge of tools and technologies that can only be taught on the job. Sales professionals need marketing skills – and all aspects of cybersecurity need support from talented writers who can translate complex subjects into clear prose to reach decision makers or to communicate with stakeholders during a crisis. We have even benefitted from the complex management skills of event planners during a breach (which, fundamentally, is a large-scale event requiring an organized, nimble response – as well as fast-thinking and problem solving.)
And all critical cyber jobs require curiosity, team spirit, and a commitment to lifelong learning.
Cybersecurity would likely be more appealing to women, people of color, and other minorities if we elevated more role models.
Cybersecurity would likely be more appealing to women, people of color, and other minorities if we elevated more role models. It’s hard to encourage diverse applicants to apply for jobs if they don’t see people who look like them flourishing in cyber careers. Elevating role models will also help us retain top talent.
Digging deep during the initial hiring process also improves retention rates by ensuring new hires are a good fit. We should look beyond degrees and college names on a resume and consider the whole person: Does she have an analytical mind? Is he a problem-solver? What about grit and resilience – traits needed during long days in the wake of a breach?
When I interview candidates, I’m alert to whether candidates are prepared and if they ask good questions. Does the person bring a fresh perspective and an ability to connect the dots? These qualities help a job candidate thrive in a cyber career.
Leaders of companies and government enterprises in the cyber sector should be motivated to diversify. At SAP, diversity drives our innovation across all dimensions – be it gender, ethnicity, sexual identity, impairments, culture, race, or age. For example, we've launched partnerships with historically black colleges and universities (HBCUs) to recruit racially diverse candidates. And I’m pleased to note that my own team is 50% women.
Above all, we need to amplify the message of how deeply satisfying cyber careers are. In an era when top talent is drawn to professions with a sense of purpose, cybersecurity stands out as an industry with one fundamental mission: To keep the world safe.
Given the ever emerging and evolving cyber threats around the globe, we need a defense force that reflects the widest possible range of backgrounds, ideas, and perspectives.
That’s also why we need to ensure that no talent is left on the table. Given the ever emerging and evolving cyber threats around the globe, we need a defense force that reflects the widest possible range of backgrounds, ideas, and perspectives. Diversifying cyber isn’t just about good business, it’s also central to our security.
SAP Chief Trust Officer Elena Kvochko’s expertise goes beyond cybersecurity to a long record of building diverse teams in finance and now enterprise software.