teissTalk: Avoiding infosec blind spots and embracing diversity of thought

teissTalk host Jenny Radcliffe was joined by Chris Dunning-Walton, Founder & MD, InfoSec People; Lessie Longstreet, Global Director of Outreach and Partner Engagement for the Cyber Readiness Institute; and Paul Baird, FCIIS, UK Chief Technical Security Officer at Qualys.

 

Views on news

 

Encouragingly, progress regarding the representation and experiences of ethnic minorities and women was recorded in Decrypting Diversity, a collaboration between the National Cyber Security Centre (NCSC) and KPMG in the UK. The study also provided fascinating insights into lesser-discussed areas of diversity including the experiences of neurodivergent and disabled people in the sector.  Interestingly, around one in five (19%) of the 945 industry professionals interviewed for the study identified as neurodivergent. Worryingly, though, the report flagged numerous problems faced by neurodivergent people working in cyber.

 

Around a third reported feeling unable to be themselves in the workplace, and a similar proportion said they experienced discrimination in their job. In addition, over a third (37%) said they had experienced at least one career barrier while working in the sector. the Decrypting Diversity report highlighted several recommendations for the industry to become more inclusive for these individuals. 

 

The findings in the report suggest that at the heart of improving inclusion among people with disability and those that are neurodivergent there lies greater flexibility and appreciating the fact that there are many different ways of learning and contributing to security teams. 

 

Diversity is often seen as the need for bringing more women on board. But diversity should also be an enabler and not just a question of meeting quotas. If a company wants to leverage neurodiversity, it has to think about how to recruit and attain them , as well as how to provide them with a working environment where they can be their true, authentic selves.

 

Typical offices and learning and development programmes are not geared for neurodiverse employees. If job interviewers can’t tackle the issue of affinity bias, they will let biodiverse candidates slip through the net.  To improve the current situation, there should be collaboration between external and internal recruitment teams, HR and hiring managers.

 

 

What could be a game changer is having multi-faceted interview methods and testing skills, so candidates can choose which one fits them best. 

 

The attitudes a new CISO should adopt

 

Although requirements for an information security job may include up to 30 different certificates, getting them has some socio-economic implications as well. An emerging model, where the cost of getting the certification is only payable by the participant when already in post.

 

Meanwhile, there has been a boom in D&I jobs but having a dedicated role with a diversity focus won’t reveal everything about a business’s culture.

 

To learn more about how inclusive a company is, it’s also a good idea to ask for case studies demonstrating how much D&I is top-of-mind for management.

 

Cyber security can become a leader in employing a diverse workforce thanks to its ability to attract more diverse people, as well as its level of adoption of hybrid or online jobs and readiness to create an accommodating working environment for these people.

 

 

The panel’s advice

 

Motivate neurodiverse employees by holding up the successful careers of their peers as positive examples.

 

The information security department is well-positioned to stand up for neurodiverse people and join up with other departments to press management for HR policy changes to accommodate their needs. 

 

Watch the on-demand session here.