New (ISC)² Research Reveals the Challenges and Opportunities Associated with Diversity, Equity and Inclusion in the Cybersecurity Community
Firsthand accounts from diverse professionals in the field provide insights on the critical importance of DEI initiatives
Clearwater, Fla., Oct. 18, 2021 – (ISC)² – the world’s largest nonprofit association of certified cybersecurity professionals – today published a new research study that highlights the unique challenges diverse cybersecurity professionals around the world face and provides recommendations to create positive change. “In Their Own Words: Women and People of Color Detail Experiences Working in Cybersecurity” provides rare access to the personal experiences of minority cybersecurity practitioners, providing a lens with which to view the concepts of equity and inclusion in today’s workplaces.
The focus group research included diverse professionals from nine countries across the globe and asked how DEI is defined in different regions, why creating DEI programs that work is so difficult, the types of work-related challenges diverse professionals face, and what strategies they believe are successful when building diverse cultures. The study outlines eight recommendations for improving DEI in cybersecurity teams, from implementing cultural sensitivity training to documenting clear advancement practices.
“The most effective way to build awareness of the need for DEI is to help convey the real experiences of diverse professionals to all of their peers. Instead of focusing on statistics and demographics, we listened to the concerns raised and challenges faced by these individuals and are doing our best to amplify their voices,” said Clar Rosso, CEO, (ISC)². “What we found is that many issues are universal to the experiences of diverse professionals no matter where they live and work. That tells us that the strategies and solutions to improve organizational practices also have a lot in common, including overcoming unconscious bias, providing pathways for advancement, hiring diverse leaders and championing equitable pay structures.”
Following is a small selection of the respondents’ firsthand accounts and advice in the report:
- “The diversity of thought is a global crisis. I mean, it needs to be in the cybersecurity workforce or else nothing’s going to be secure in this world.”
- “My organization has made DEI training mandatory and not voluntary like it used to be. They have also hired several women for key leadership positions. I’ve witnessed a change in the past year with more people sharing their ideas and collaborating, rather than everyone trying to protect their territory.”
- “I’ve been in meetings where people have used my words. They’ve used my strategies. They have taken my work, and they presented it as their own. They get credit for my talent. It would burn me so bad but, yet, I didn’t really have anyone to lean on.”
- “As the only woman in my team, I always had a hard time finding a mentor I could relate to or who gave honest advice. I often felt lonely and had to learn a lot of things through trial and error.”
- “It’s easy to start an initiative when the global temperature on diversity is so high. However, DEI initiatives typically don’t get fast results. They are a slow, tedious process that requires ongoing commitment and dedication from the whole organization, along with designated performance metrics that help to track success and keep stakeholders’ motivation up.”
- “In the public sector in the U.S., there has been a lot of focus on getting more women, getting more minorities and getting everyone to share their story. Hiring diverse professionals, with less solid skill sets and putting together work teams with an experienced leader that helps everyone get to a similar level of skill set. Having diverse teams to promote different ideas and perspectives, not only their cybersecurity-related skills.”
- “We see a lot of diverse professionals in entry-level positions. But they don’t stay long enough to advance into higher positions. Exit surveys report they leave because the culture doesn’t support them. They feel lost.”
- “We need more Black women and Latinas in cybersecurity, speaking, showcasing their talent, being the trailblazers and paving the path for others knowing that these cybersecurity careers exist, and that it’s personal.”
- “Cybersecurity today should be a topic as important as fire safety or health education. We need to start building awareness earlier on so children start embracing it from a young age, dreaming about becoming a cybersecurity officer just as they dream of becoming a fireman or a doctor.”
The study was released in conjunction with the InclusionREADY program at this week’s annual (ISC)² Security Congress, taking place virtually from October 18-20. The conference features a DEI-focused keynote presentation and five breakout sessions, including an overview of and panel discussion about the research report on Monday, October 18 at 4:15 p.m. EDT. (ISC)² will also host a virtual DEI booth from which attendees can download the DEI strategic plan for the association, along with other helpful guides for understanding and implementing their own DEI initiatives. (ISC)² established a Global DEI Task Force earlier this year and launched a DEI Resource Center where it hosts a growing number of informational resources for individuals and organizations who are on a DEI journey.
For more information on DEI resources from (ISC)², please visit: https://www.isc2.org/dei
Follow the conversation on social media via #InclusionREADY.
(ISC)² commissioned Synergia Multicultural Research and Strategy (Synergia) to conduct a global qualitative study that would help the organization define where the cybersecurity profession stands today on the diversity spectrum.
- A total of 22 respondents participated in the research.
- Seven 90-minute focus groups and one individual interview were conducted from
May 18 to May 26, 2021. Groups were conducted in English by a seasoned moderator from Synergia Multicultural Research and Strategy.
- Countries represented in this research included: United States, United Kingdom, Germany, Croatia, Serbia, Singapore, Malaysia, South Africa and Canada.
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, more than 158,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visit www.isc2.org, follow us on Twitter or connect with us on Facebook and LinkedIn.
© 2021 (ISC)² Inc., (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks of (ISC)², Inc.
Corporate Public Relations Manager