It is widely known that cybersecurity is one of the many industries continuing to struggle with closing the gender and diversity gap. (ISC)² estimates that the Cybersecurity Workforce Gap currently stands at 2.72 million professionals globally, but women only make up roughly 25% of the cybersecurity industry, compared to at least 40% of the global workforce. There is a clear imbalance between the needs of the industry and barriers to entry.
When we dig deeper into those statistics, they are even more staggering for women of color. On average, Black women have been paid 63% of what non-Hispanic white men were paid and women of color account for only 4% of C-suite leaders, a number that hasn’t moved significantly over the past years.
Research from McKinsey also found a significant disconnect between companies’ increased commitment to diversity and inclusion and the day-to-day experiences of women of color. For example, “although more than three-quarters of White employees consider themselves allies to women of color at work, less than half take basic allyship actions, such as speaking out against bias or advocating for new opportunities for women of color,” and “women of color face similar types and frequencies of microaggressions as they did two years ago —and they remain far more likely than White women to be on the receiving end of disrespectful and othering behavior.”
This imbalance was also reflected in the recent (ISC)² report In Their Own Words: Women and People of Color Detail Experiences Working in Cybersecurity, with one respondent saying, “I’m a woman, and then I’m Black, and I’m young. So, I constantly feel out of place. I constantly need to prove myself so that the teams I’m working with respect me.” Another added, “We see a lot of diverse professionals in entry-level positions. But they don’t stay long enough to advance into higher positions. Exit surveys report they leave because the culture doesn’t support them. They feel lost.”
So, what do we do with this quantitative and qualitative data? How do we equip current allies to challenge their unconscious biases and convince potential future allies that diversity and inclusion is not a threat to their jobs? Here are some concrete ways to start:
- Listen to and try to understand the nuances and challenges of women. In particular, women of color face limited leadership opportunities, as well as subtle but pervasive doubts about competence, intelligence, and skills that are unrelated to actual performance.
- State the business case. There is a critical shortage of cybersecurity jobs that need to be filled and we need women, including their diversity of thought and experiences to enhance businesses' ability to fight bad actors.
- Diversity, Equity and Inclusion (DEI) cannot be an extracurricular activity. It has to not only be baked into your strategic plan, but also into all the various company functions (marketing, research, human resources, etc.) and if you work for a publicly traded company, diversity and inclusion reporting will likely need to be part of your human capital disclosures moving forward.
- Celebrate, promote, and amplify diverse individuals in the industry and ensure that these successes are communicated at crucial stages of the career selection process. At a recent Black History event at the National Security Agency, Talya Parker, founder and executive director of Black Girls in Cyber (BGiC), said, “Representation is empowerment. When you see people who look like you in these spaces, it empowers you to show up as the full version of yourself.”
Most importantly, understand that discomfort will be part of the process and understanding the privileges and disadvantages of your own role in the workplace is required. Be transparent and honest. Speak up when you see bias, and understand transformative change takes time.