Women currently represent about 20% of people working in the field of cybersecurity, and the number of women in cybersecurity is growing; organizations must address the diversity debt to capture and retain this new labor force. Also, by 2023, the number of employed people with disabilities will triple due to AI and emerging technologies that will reduce barriers to employment. Technology providers must be prepared to tap into these talent pools.
We have all spent considerable time discussing the cybersecurity skills shortage. However, with the future of security no longer confined to cubicles and office corridors and with the realities of digital transformation, it’s time we also transformed how we hire cybersecurity professionals. This will require an increased focused on hiring and retaining women and other diverse candidates.
Be intentional with your recruiting sources. Recruit candidates who offer diverse perspectives by focusing on measuring, altering, and elevating diversity for all recruiting sources. Diversify recruiting sources by working with human resources to build a talent pipeline, for example, by partnering with local certification programs and focusing on underrepresented communities. The Women’s Security Alliance (WomSA) is a nonprofit organization that empowers women by aligning their strengths and interests with a cybersecurity career path. Darlene Taylor, chief information officer for Novares and executive sponsor said, “Access to cybersecurity talent is more critical than ever due to the increased attacks and changing tactics by cyber criminals . . . Organizations like WomSA are important to helping make our world a safer and better place.”
The wording in job descriptions matters. It’s important to eliminate words that signal bias; for example, avoid words like “expert” and “authority.” Tools like Textio can help with this issue. The benefit of avoiding bias in job descriptions lies in the decreased time to fill your next role (see below).
Mistakes We Make
Too often, tech companies exacerbate the cybersecurity skills shortage by making key mistakes.
- Sub-optimal recruiting practices have left many technology companies looking for candidates who are the “right fit,” missing opportunities to attract diverse candidates.
- Technology providers use limited recruiting sources that are dependent on poorly designed employee referral systems, thereby undercutting their diversity and inclusion goals.
- By limiting the geographies from which talent is recruited, employers fail to tap into diverse talent pools.
- Poorly worded job postings repel diverse candidates or fail to clearly define the requirements for the position.
Begin the journey to overcome the challenges of the cybersecurity skills shortage by taking two initial steps to recruit and retain women:
- Increase diversity by balancing the candidate slate with candidates from multiple recruiting channels.
- For example, build alliances with local community groups that support underrepresented groups, such as the Michigan Council for Women in Technology Foundation (MCWT)
- Be intentional in choosing the colleges and university you recruit from, prioritizing schools that graduate higher numbers of women and other underrepresented groups
- Improve job descriptions and broaden pipelines with long-term planning to attract candidates with diverse perspectives.
- For example, one company found that changing a job title from “hacker” to “security engineer” doubled the number of female applicants.
- Review your candidate selection process
- Survey candidates and recent hires for continuous feedback on recruiting and hiring practices by demographics to identify opportunities for improvement.
- Evaluate your recruiting teams for diversity and balance.
- Establish a governance process to address issues and alter processes as needed.
- Identify opportunities to elevate and include underrepresented minorities in candidate-facing recruiting roles.