In an economic landscape where millions of Americans are faced with mass layoffs and job displacement, cybersecurity remains a beacon of growth. The tech and cybersecurity industries are among the most in-demand, profitable, and critical fields in modern history. The Bureau of Labor Statistics estimates a growth rate of 33% for security analyst employment by 2030. In an industry that represents a path to the diminishing middle class, it’s no surprise that interest in cybersecurity training programs, workshops, and courses is skyrocketing. However, amidst the booming growth is a glaring problem that should alarm all cyber professionals: people of color are being left behind.

According to a (ISC)² workforce study, reported representation of Black, Latino, and Native cybersecurity professionals is significantly lower than general labor force representation and general US population representation. Additionally, members self-identifying in these groups are concentrated in non-management positions despite educational attainment. “Minorities who have advanced into leadership roles often hold higher degrees of academic education than their Caucasian peers who occupy similar positions.” The knee jerk reaction to this disheartening truth is to hire more people of color. But before you send your tech recruiters on a diverse hiring campaign, understand the problem runs deeper than the hiring pipeline. 

Underrepresentation in leadership roles coupled with lower average compensation and fewer reported instances of salary increases seem to create a trifecta of obstacles for people of color pursuing a career in cybersecurity. Additionally, they are disproportionately affected by less tangible barriers to entry and advancement. In the 2017 Global Information Security Workforce Study, 32% of cybersecurity professionals of color who participated in the survey report that they have experienced some form of discrimination in the workplace. Women who identify as Black, Hispanic, Asian or of Native American descent, report the highest numbers of discrimination. In a similar vein, Center for Talent Innovation (CTI) found that 41% of professionals of color felt they needed to compromise their authenticity in order to conform to standards at their company. CTI’s recent research into women in science, engineering, and technology revealed that female respondents in these male-dominated industries feel they have to change the way they communicate, dress, and behave in meetings to thrive at work. 

So what’s the solution? Underrepresentation in cybersecurity is a symptom of deeply ingrained issues that cannot be solved with hiring initiatives. Without the tools to succeed, diverse talent will continue to find themselves underpaid and undervalued. A thorough approach must be taken to transform the industry into a site of prosperity for all. These six lessons will help your team go beyond surface level diversity, and accomplish real workplace equity:

1. Start Early

Disparities in opportunity start early – so should your outreach. Support students of color by taking on interns, creating a scholarship fund, or forming a mentorship program. For example, Emerging Leaders is an Oregon based organization dedicated to improving racial and cultural diversity by connecting talented students of color with leadership-track, paid internships at top companies. By investing in the education and early career of students, your company can create a more level playing field for young, aspiring professionals. 

2. Practice Inclusive Leadership

Leaders must create a safe environment for all team members to speak up and be heard. This necessitates embracing input from employees whose backgrounds or expertise differ from their own. Competent leaders need to foster collaboration, facilitate constructive arguments, give actionable feedback, and act upon the advice of diverse employees. In addition, cybersecurity leaders can make people of color feel valued by prizing authenticity over conformity and understanding that a range of presentation and communication styles can succeed in the workplace. 

3. Leaders Aren’t Born – They’re Nurtured

People of color and those underrepresented in cybersecurity often suffer from imposter syndrome or an urge to alter their behavior to avoid discrimination – also known as code switching. When it comes to promotions, it’s easy to overlook these employees in favor of more assertive, self assured candidates. Closely examine assumptions about what a leader looks and acts like. What talented individuals in your company might be overlooked as a result of these assumptions? Before hiring more people of color, prioritize offering mentorship and training opportunities to the ones on your staff.

4. Form Community Partnerships

Tech companies don’t exist in a vacuum. They are members of rich, vibrant communities. Search for groups like Blacks in Cybersecurity and Women in Cybersecurity (WiCyS) that are championing inclusive tech in your region. Form relationships with these groups through sponsorships, joint fundraising, volunteering, or a myriad of other possibilities.

5. Subsidize Childcare

It is an unfortunate reality that childcare presents an enormous barrier to American families. Half of U.S. families report difficulty finding childcare, according to a survey by the Center for American Progress. Additionally, “low- and middle-income families, families of color, and parents of infants and toddlers have an especially hard time finding care.” Women are more likely to make career sacrifices in order to meet family demands. Childcare relief is hands down one of the largest steps your organization can take to promote inclusion. Examples of potential policies include: daycare reimbursement and/or on-site daycare, paid parental leave, and remote or hybrid work arrangements.

6. Question Outdated Policies

Some rules are in place for excellent reasons – to keep everyone safe or maintain quality control. Other rules don’t accomplish anything and reinforce dominant stigmas. A prime example is stringent dress codes that restrict personal or cultural expression. Be proactive about cutting unnecessary, alienating policies.

The technology and cybersecurity industries have a long history of inaccessibility that will require a multi-pronged solution. While no individual team or company can solve a systemic issue, worthwhile change occurs when leaders create cultures of inclusion and empowerment rather than divisiveness and dominance. With these six lessons, your team is equipped to create an inclusive cyberspace.

* * *

1.  Labor force characteristics by race and ethnicity, 2015, U.S. Bureau of Labor Statistics
2.  Innovation Through Inclusion: The Multicultural Cybersecurity Workforce, 2018
3.  Global Information Security Workforce Study, 2015
4. Global Information Security Workforce Study: Women in Cybersecurity, 2017
5. The Childcare Crisis is Keeping Women Out of the Workplace, 2019