Securing Ethnic Diversity in Cybersecurity
he cybersecurity industry has a diversity problem. While most of the people working in this profession are young, white men with technical backgrounds, diversity comes in many forms. The makeup of employees in cybersecurity points to problems not only surrounding diversity with gender and age, but with ethnicity as well.
In fact, the International Consortium of Minority Cybersecurity Professionals was launched in 2014 to help bridge the ‘great cyber divide’ that is caused by the continuous inadequate representation of minorities and women in the rapidly growing cybersecurity sector.
With the industry as a whole struggling to fill jobs with qualified candidates, as evidenced by the 1.8 million unfilled jobs globally by 2022, when it comes to diversity, society at large cannot afford for companies in the industry to be selective about the prospects they hire. Despite the importance surrounding cybersecurity, the industry appears resistant to diversifying beyond the current homogeneous young, white male fraternity.
Diversity in Tech/Cybersecurity
The “Diversity in Tech” infographic created by Information is Beautiful highlights the disparity of employment in ethnic minorities in the technology sector. For example, “Latino” and “Black” employees are massively under-represented across the spectrum, constituting less than 10 percent of the workforce across many large technology organizations, including Apple, Facebook, Google, Salesforce and others.
When talking about the cybersecurity industry specifically, the situation concerning a lack of individuals representing all ethnicities is perpetuated. In Innovation Through Inclusion: The Multicultural Cybersecurity Workforce, (ISC)² determined that while minority representation within the cybersecurity profession (26 percent) is slightly higher than the overall U.S. minority workforce (21 percent), employment among cybersecurity professionals who identify as a racial or ethnic minority tends to be concentrated in non-management positions, with fewer occupying leadership roles, despite being highly educated.
Other studies have found that Blacks, Hispanics, and Asians represent less than 12 percent of the digital security workforce. However, according to data from the U.S. Department of Labor, which publishes the Bureau of Labor Statistics (BLS), “Black or African-American” people make up 15.6 percent of the information security analysts in the U.S., “Asian” men and women represent 12.6 percent and “Hispanic or Latino” individuals compose a mere 4.6 percent of people holding that position.
Minorities in Positions of Leadership
Additionally, the (ISC)² study noted minorities who have advanced into leadership roles often hold higher degrees of academic education than their Caucasian peers who occupy similar positions. While academic degrees do not necessarily imply a more advanced level of skill, they have typically been considered a hiring prerequisite for most employers.
Numbers from DataUSA illustrating the ethnic makeup of employees with the title of ‘Information Security Analyst’ clearly indicate the diversity issue in the profession. According to the data, in 2016, 74 percent of all information security analysts were “White," 12.5 percent identified as “Black or African American” and 7.9 percent as “Asian.”
When it came to salaries, the (ISC)² report revealed there were discrepancies as well. The report found that, on average, minority groups were paid less than their male Caucasian counterparts, with Black females fairing the worst. While the statistics surrounding compensation and leadership certainly aren’t promising, they are not the only problems faced by minorities in the cybersecurity sector.
In addition to findings from the (ISC)² report, “The Illusion of Asian Success” examined challenges faced by racial minorities in Silicon Valley’s tech industry. The report revealed that Asians, despite being hired at a reasonable rate, were less likely to climb the career ladder than white men were. The same rang true for black men and women.
While employers are increasingly taking steps to ensure pay equity and reduce the effect of bias in the workplace for current employees, 32 percent of cybersecurity professionals of color report that they have experienced some form of discrimination in the workplace. And on average, a cybersecurity professional of color earns $115,000, while the overall U.S. cybersecurity workforce average is $122,000. Not only is discrimination and bias preventing people from all backgrounds entering the industry, it is also creating an environment in which under-represented minorities are leaving their jobs, feeling disenfranchised.
The “Tech Leavers” study, conducted by the Kapor Center for Social Impact, examines the reasons why people voluntarily left their jobs in tech. The study revealed that nearly 40 percent of employees surveyed indicated that unfairness or mistreatment played a major role in their decision to leave their company.
Additionally, almost 25 percent of under-represented minorities and women of color experienced stereotyping, and under-represented men and women of color experienced stereotyping at twice the rate of “White” and “Asian” men and women. For men and women of color, being stereotyped was the most significant driver of leaving due to unfairness, and 35% who experienced being stereotyped said it contributed to their decision to leave. The study also found that 40 percent of “Black,” “Hispanic” and “Native American” men left their jobs due to unfairness and racism in the workplace.
With so many challenges facing them, why is it important for individuals from all backgrounds to join the cybersecurity workforce?
Benefits of Diversification
Improving diversity across the cybersecurity industry shouldn't be seen as cumbersome but instead should be championed as an opportunity to improve security by broadening the experiences and viewpoints of the employees with boots on the ground. Cybersecurity is complicated, and diversity makes the representation of different worldviews and experiences easier.
People from different backgrounds will approach information security problems differently, and by nature, cybersecurity is interdisciplinary. Because a lot of even the most difficult cybersecurity challenges have little to no technical element, the ability to come at an issue from various points of view, combining skills, perspectives and situations, will allow organizations to effectively address the multi-faceted, dynamic and ever-evolving threat landscape.
Attackers are not homogenous and security teams should not be homogenous either. Because problem-solving skills and the ability to maintain a holistic view of a challenge is key to resolving a cybersecurity issue, having a team made up of diverse individuals can only work to improve the outcome of their efforts.
As the demographics of the U.S. population continue to become more diversified, the importance of increasing the participation of minorities in the cybersecurity workforce has become absolutely vital. Cybersecurity is one of the biggest challenges to our nation’s national and economic security, and the talent shortfall in the industry highlights the importance of initiatives that ensure all capable talent, regardless of race, ethnicity or sexual orientation feel welcome and included.
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.