InfoSec remains a tough environment for women and people of color, driving home the importance of Diversity, Equity, and Inclusion (DEI) training. The challenges – and opportunities – are laid bare in a new report from (ISC)2.

In Their Own Words: Women and People of Color Detail Experiences Working in Cybersecurity” offers rare access to the personal experiences of women and minorities working in cybersecurity.

(ISC)² commissioned Synergia Multicultural Research and Strategy (Synergia) to conduct a global qualitative study to help the organization define where the cybersecurity profession stands today on the diversity spectrum. Twenty-two respondents participated in the research, conducted via seven 90-minute focus groups and one individual interview from May 18-26, 2021. Groups were conducted in English by a seasoned moderator from Synergia Multicultural Research and Strategy. Countries represented in this research included: United States, United Kingdom, Germany, Croatia, Serbia, Singapore, Malaysia, South Africa and Canada.

Participants were asked how DEI is defined in different regions, why creating effective programs is so difficult, the types of work-related challenges these professionals face, and what strategies they believe are successful when building diverse cultures. The resulting study outlines eight recommendations for improving DEI in cybersecurity teams, from implementing cultural sensitivity training to documenting clear advancement practices.

“What we found is that many issues are universal to the experiences of diverse professionals no matter where they live and work,” said Clar Rosso, CEO of (ISC)2. “That tells us that the strategies and solutions to improve organizational practices also have a lot in common, including overcoming unconscious bias, providing pathways for advancement, hiring diverse leaders and championing equitable pay structures.”

The study revealed some painful experiences:

“I’ve been in meetings where people have used my words. They’ve used my strategies. They have taken my work, and they presented it as their own. They get credit for my talent. It would burn me so bad but, yet, I didn’t really have anyone to lean on,” one respondent said.

“As the only woman in my team, I always had a hard time finding a mentor I could relate to or who gave honest advice. I often felt lonely and had to learn a lot of things through trial and error,” said another.

One respondent’s company has experienced heavy turnover among diverse professionals who hold entry-level positions but don’t stay long enough to advance into higher positions. Exit surveys report they leave because the culture doesn’t support them.

Respondents do point to some progress, and shared ideas on what it will take to build security teams that are diverse and inclusive. Examples:

  • “My organization has made DEI training mandatory and not voluntary like it used to be. They have also hired several women for key leadership positions. I’ve witnessed a change in the past year with more people sharing their ideas and collaborating, rather than everyone trying to protect their territory.”
  • “In the public sector in the U.S., there has been a lot of focus on getting more women, getting more minorities and getting everyone to share their story. Hiring diverse professionals, with less solid skill sets and putting together work teams with an experienced leader that helps everyone get to a similar level of skill set. Having diverse teams to promote different ideas and perspectives, not only their cybersecurity-related skills.”
  • “We need more Black women and Latinas in cybersecurity, speaking, showcasing their talent, being the trailblazers and paving the path for others knowing that these cybersecurity careers exist, and that it’s personal.”

The study was released in conjunction with the InclusionREADY program at this week’s annual (ISC)²  Security Congress, taking place virtually from Oct. 18-20. The conference features a DEI-focused keynote presentation and five breakout sessions. (ISC)² will also host a virtual DEI booth from which attendees can download the DEI strategic plan for the association, along with other helpful guides for understanding and implementing their own DEI initiatives. (ISC)² established a Global DEI Task Force earlier this year and launched a DEI Resource Center where it hosts a growing number of informational resources for individuals and organizations who are on a DEI journey.

For more information on DEI resources from (ISC)², please visit: