Large group of people in a conference room

May 16 2024

DEI’s Essential Role in Creating Resilience in the Security Sector

As technology and digital spaces pervade our lives and work, diversity is more important than ever. Particularly in the security sector, diversity has become essential to effectively address the unique challenges and threats we face today.

While there are some in the industry who view diversity, equity, and inclusion (DEI) as a distraction, the truth is, DEI needs to be a rising strategic effort across industries. In security, it’s critical to understand where we sit in our own DEI journey, why we need to keep going, and how to put it all into action.

Understanding the Current State of Diversity in Security 
Simply put, our industry isn’t known for its diversity. Professional security roles have been largely male dominated for decades. However, 2023 data shows that some change is underway. The ISC2 Cybersecurity Workforce Study uncovered that while 70% of cybersecurity workers over 60 are white men, this percentage drops significantly to 37% in the under 30 age group.

While it’s promising to see diversity increasing from a race and ethnicity perspective, we must acknowledge there’s been little progress in gender equity. ISC2’s data shows only 24% of cybersecurity workers under 30 are women, and the numbers are similar across age groups – 20% in the 30-38 group, 15% for those 39-49, 16% aged 50-59, and 15% for 60 and over. There are some silver linings, though. Diversity is increasing in the millennial and Gen Z age groups, as well as more racial diversity among women – 31% of female workers aged 38 and under are non-white women.

Still, the progress is slow – there’s much more work that needs to be done to achieve better results and higher value innovations to safeguard our industry from outside threats and disruption.

Challenges to Achieving DEI Progress in Security 
When it comes to achieving progress in DEI, the journey will be long and the challenges are numerous, but we can’t shy away from this important work. Security is woefully under-represented when it comes to women and the BIPOC community, especially at the individual contributor and leadership levels. There’s a pool of top talent being overlooked, when they should be intentionally cultivated, recruited, and hired – especially considering there will be 3.5 million unfilled cybersecurity jobs available by 2025, according to Cybersecurity Ventures.

In a lot of cases the hiring managers in this sector come from traditional pipelines like law enforcement, and candidates with similar backgrounds tend to be more attractive for hiring. It’s also important to note these candidates are strong SMEs that we do need for the security workforce – we don’t want to discount their value – but that pipeline doesn’t provide a full roster of the types of people we need. Not to mention, when we recruit too heavily from candidate pools of similar background, we’re limiting our thinking, leaving us vulnerable to threats coming from diverse sources.

While some progress will happen organically as more security leaders are developed internally within corporations instead of being hired upon retirement from law enforcement, government, or military careers, we can’t rest on this alone. This type of transition takes time and happens across age groups, but it’s our responsibility to accelerate this progress.

In addition to traditional pipelines, long-standing cultural biases and a lack of understanding within high school and college-age students about security-related career paths are hindering diversity in our industry. There’s a need for organizations across the security industry to come together to produce content and messaging that shows minority groups there is a place for them within the security field.

Why the Security Industry Needs DEI 
There’s no rocket science here. The security industry stands to benefit from diversity in similar ways to other industries. Making DEI part of business strategies leads to recruitment of top talent, more varied ideation, and new thought processes when it comes to issues resolution. Unlike some other industries, in security, there are very real threats associated with not prioritizing DEI. The threat agents who seek to attack us are not limiting their thinking, and neither should we.

Overall, the security industry needs DEI because:
• Representation matters. Having a workforce that more authentically represents the varied communities we are protecting helps us build a stronger and more resilient security landscape.
• A robust pipeline is always better. More diverse candidates bring varied perspectives, skills, and experiences to security roles. A diverse talent pool at all levels ensures the future of this industry.
• Innovation happens with diverse mindsets. Bringing people from different backgrounds together means inviting unique viewpoints and approaches to problem-solving. Diversity of thought is critical to more effective security strategies and solutions.
• Blind spots can be addressed. A homogeneous team has blind spots in its approach. Embracing DEI means identifying and addressing vulnerabilities that may have gone unnoticed. Diverse perspectives mean anticipating and mitigating risks more effectively.
• It’s critical to understand cultural nuance. In the security industry, we interact with diverse communities. Having a robust team that understands cultural nuance and sensitivities leads to more effective communication, trust-building, and conflict resolution.
• We need to challenge bias. Breaking down stereotypes and promoting inclusivity not only removes barriers when addressing security challenges, it also creates a welcoming environment that a more diverse candidate pool wants to work in.
• More collaborative efforts mean better impact. As security leaders we must continue to come together to develop DEI programming, recruitment strategies, and collect more data on our industry. Every aspect of the security sector is impacted by this collaboration.

For individual companies, prioritizing DEI can lead to more profitable outcomes and less overall risk. For the industry at large, DEI is essential to become more resilient, more effective, and in ensuring our long-term success.

Putting the DEI Conversation into Action 
Our industry needs leaders to recognize the value of diversity and cultivate a workforce of diverse candidates who are ready to fill these roles. In theory there’s agreement on this across the board, as we know siloed thinking leads to siloed protections. However, putting this into action still lags, meaning significant change isn’t happening. We’ve been hard at work, though, collaborating with other security organizations to create an initiative that promotes a coalition to directly address the desire and need within the security space for more action on the DEI front.

As the threat landscape evolves, we need to identify new and innovative approaches for protecting people and assets from the increasingly sophisticated attacks we’re seeing. We must prioritize diversity of thought, be inclusive of these diverse perspectives, and create equitable opportunity for diverse thinkers to have a place in our industry.

Through this coalition, which we convened on May 14, TSF brought security organizations together to drive meaningful, action-oriented progress in DEI. This unified front will seek to safeguard the most effective, comprehensive defense tactics as part of an unwavering commitment to supporting U.S. interests and entities around the world.

We will be recapping our conversations from the 2024 DEI Summit and sharing actionable ideas for how we’ll drive progress forward.