MLK Day 2017: Diversity in Cybersecurity Matters

The cybersecurity workforce has a serious diversity problem. According to recent industry surveys, only 11% of cybersecurity professionals are women, and only 8% are Black or Hispanic. For an industry that's supposed to be protecting everyone, those numbers are embarrassing.

On Martin Luther King Jr. Day, it's worth talking about why this matters and what it means for the practices and businesses that depend on cybersecurity professionals.

Why Diversity Makes Security Better

This isn't just about fairness or representation (though those matter). Diverse teams actually produce better security outcomes. Here's why:

Different Perspectives Catch Different Threats

When everyone on a security team comes from the same background, they tend to think about problems the same way. They have similar blind spots. Attackers exploit those blind spots.

Diverse teams bring different perspectives, different ways of thinking about problems, and different experiences that help identify vulnerabilities others might miss.

Better Understanding of User Behavior

Good security has to account for how real people actually behave. If your security team doesn't reflect the diversity of your user base, they're more likely to design security controls that work well for people like them but create problems for everyone else.

That leads to security controls that get bypassed because they're too cumbersome, which makes everyone less secure.

More Creative Problem Solving

Cybersecurity is fundamentally about solving problems that don't have obvious answers. Study after study shows that diverse teams are better at creative problem solving than homogeneous teams.

When you're trying to defend against attackers who are constantly inventing new techniques, creativity matters.

The Pipeline Problem

The cybersecurity industry likes to blame the diversity gap on the "pipeline," meaning there aren't enough women and minorities studying computer science or entering tech fields. That's partly true, but it's also a cop-out.

Yes, we need to do better at encouraging young people from all backgrounds to pursue tech careers. But we also need to look at why people leave the industry, why they don't feel welcome, and what barriers exist even for those who do make it into cybersecurity roles.

What This Means for Your Practice

If you're running a dental practice, a law firm, a medical office, or an accounting firm, you might be thinking "this is interesting, but what does it have to do with me?"

Fair question. Here's the connection:

When you hire an IT company or a cybersecurity consultant, you're trusting them to protect your data, your patients, and your business. You want the best possible people working on that problem. A more diverse cybersecurity workforce means a deeper talent pool, better problem solving, and ultimately better protection for your practice.

You can also ask your IT vendors about their commitment to diversity. Do they actively recruit from diverse talent pools? Do they create environments where people from all backgrounds can succeed? These questions matter because they affect the quality of service you receive.

What We're Doing

At Robell Technologies, we're thinking about this issue. We're small enough that one hiring decision can significantly change our team's diversity. We're working on:

• Partnering with organizations that help underrepresented groups enter tech fields
• Writing job descriptions that focus on skills and potential rather than traditional credentials
• Creating flexible work arrangements that accommodate different life situations
• Being intentional about who we invite to interview and who gets opportunities for advancement

We're not perfect at this. Nobody is. But we're trying to do better, because we believe it makes us better at serving our clients.

The Bigger Picture

Dr. King talked about the "fierce urgency of now." Cybersecurity threats aren't waiting for the industry to get its diversity house in order. Practices and businesses are getting attacked today, and they need the best possible protection today.

Building a more diverse cybersecurity workforce isn't just the right thing to do morally. It's also the practical thing to do if we want to actually solve the security problems facing businesses and organizations.

The industry is slowly getting better. More scholarships for underrepresented groups, more mentorship programs, more companies publicly committing to diversity goals. But change is slow, and there's a long way to go.

What You Can Do

If you care about this issue (and you should, both because it's right and because it affects the security services you depend on), here are some concrete things you can do:

• Ask your IT vendors about their diversity commitments and hold them accountable
• Support organizations that help underrepresented groups enter tech careers
• If you have kids or know young people considering careers, encourage those from underrepresented groups to explore tech and cybersecurity
• When you see good examples of companies doing diversity well, give them credit and recommend them to others

On MLK Day, we remember Dr. King's vision of a society where people are judged by their character and capabilities, not by their race or gender. The cybersecurity industry isn't there yet, but we can all push it in the right direction.