Why Diversity Is Needed in Security
It is now common knowledge that diversity, equity, and inclusion are crucial for a company’s success. Companies refer to a culture and policies that revolve around these principles as “DEI”, a movement that has been under way since the 1960s.
Here’s a definition of DEI, albeit oversimplified:
- Diversity is about a corporate culture that hires a range of diverse individuals
- Equity ensures fair treatment and equality of opportunity
- Inclusion is about a culture where everyone feels welcome
Studies show that teams with both men and women outperform teams with less diversity. For the longest time, the impact of diversity was subject to debate, but data shows that it is no longer debatable.
Let’s consider a few facts:
- Diverse companies enjoy 2.3 times higher cash flow per employee
- Team performance goes up by up to 30% when teams are inclusive
- Diverse management teams had a 19% increase in revenue compared to less diverse teams
Women in IT security
While debates around DEI have moved from “why” to “how” in many fields, IT security is an area where women have a hard time getting an equal playing field. Roughly 20% of developers are female, just about half the overall female representation in the global workforce, which hovers around 40%. But cybersecurity lags even further behind in diversity and female participation. The 2017 Women in Cybersecurity report shows us that only 11% of information security professionals are women.
The information security scene needs diversity not only from a social justice standpoint but also as an effective weapon, according to James Hadley, Founder and CEO of Immersive Labs, on TechCrunch. “This provides an edge. In cybersecurity, where success often relies on doing the unexpected, diversity of thought is a valuable weapon,” says James. He brings up an overlooked aspect of diversity in security: diverse teams are better equipped to counter diverse attacks.
March is Women’s History Month, a good time to see how far women have come in cybersecurity. Many notable women have played a crucial role in the history of security.
Here are just a few of the stellar examples:
- The 1940s: A group called “Code Girls” helped win World War II by cracking German and Japanese codes
- The 1940s: 75% of the codebreaking team at Bletchley Park, which played a crucial role in winning World War II, were women
- 1945: Virginia D. Aderholt, a code breaker, was the first American to learn that World War II had formally ended in 1945.
- The 1940s: Many women were the first programmers to work on the ENIAC project, the “first digital computer”, at the University of Pennsylvania, calculating weapons’ trajectories.
… not to mention Ada Lovelace (“the first programmer”), Grace Hopper (who created “the first compiler”), Margaret Hamilton (who took us to the moon), Elizabeth “Jake” Feinler (who organized the Internet), and countless others.
In cybersecurity we have a few powerful women influencers today:
- Parisa Tabriz, “Security Princess” or Director of Engineering, runs Google’s security testing labs.
- Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation (EFF)
- Rebecca Bace - “Den Mother” as the cybersecurity community nicknamed her - contributed crucial threat intrusion detection work to the US National Security Agency. She was posthumously inducted into the 2019 Cyber Security Hall of Fame.
And there are many more women playing critical roles in information security across the world.
Challenges for DEI in IT security
Yet, in spite of such women and their proven contributions, IT security remains a male-dominated field even within tech. Cyber Security Online sheds light on some of the barriers and challenges to gender diversity becoming a reality in this space. Some of the highlights:
- It starts in school: women are under-represented in computing and STEM subjects.
- Workplaces perpetuate inequity with sizeable pay gaps
- Stereotypes and bias continue to exist
Companies can take active measures to counter these challenges through mentorship, support, hiring policies, and eliminating pay gaps. For example, many companies now sponsor scholarships and run programs focused on women and minorities.
Future outlook and conclusion
There is still a long way to go in bridging gender and other DEI gaps in cybersecurity. Education, policy, and programs for women are key weapons for bridging these gaps, along with mentoring, support, and policy reform by leaders.
The Purple Book Community (PBC) equips people to embrace best practices around cybersecurity. And changing the future for women in security is one of PBC’s key focus areas as we go about helping companies and individuals deal with the evolving challenges of staying secure in a complex digital world.