RSA 2022: execs call for diversity in cybersecurity

“Hell, the attackers are more diverse than we are,” said one CEO
article cover

Morsa Images/Getty Images

· 3 min read

Top insights for IT pros

From cybersecurity and big data to software development and gaming. Our IT Brew newsletter delivers the latest news and analysis of trends shaping the IT industry, like only The Brew can.

Bryan Palma, Trellix’s CEO, sees a diversity problem in the IT world.

"We are a largely homogenized group," Palma told a crowd at this year's RSA conference.

In addition to revealing a depressing cybersecurity staffing shortage, a June 2022 review from Trellix had another stark takeaway: 78% of the surveyed security pros identified as male, 64% identified as white, and 89% identified as straight.

In event presentations, executives stressed the importance of embracing diversity in cybersecurity, both to address a talent shortage and a varied set of attacks. 

“By failing to cultivate a more inclusive environment and neglecting to provide pathways for more female and non-binary people, people of color, and people from the LGBTQ+ community, we are only widening our already enormous talent gap,” Palma said.

“Hell, the attackers are more diverse than we are,” Palma added. ”Even they understand the importance of having a bigger tent.”

Over 90% of respondents from the Trellix survey—a global study of 1,000 cybersecurity professionals—declared that more could be done to encourage hiring from a range of demographic backgrounds. Similarly, 92% of respondents agreed that internships and training programs would, “encourage and support participation of workers from diverse backgrounds into cybersecurity-based roles.”

“By extending program participation to include more historically Black universities, liberal arts schools, and community colleges, we could achieve an even larger, more diverse talent pool,” Palma told the audience.

Technology challenges increasingly call for a variety of skill sets. AI requires ethics specialists to drive decision-making. A cyberwar needs professionals who speak other languages.

“Our attackers are diverse...They exploit the biases in our systems when we have homogenous teams, said Vasu Jakkal, CVP at Microsoft Security, in a separate presentation. “When we represent the world and we reflect who the world is, we do better cybersecurity.”

A final session at RSA had three panelists, including Betty Elliott, CISO at Freddie Mac, and Michael Cunningham, CISO at Graphic Packaging International, speak candidly about the need for execs to better understand the pressures that a predominantly white and male environment places on those who are neither.

“No one should have to push through something that doesn’t allow them to be their authentic self,” said Cunningham. “In order for us to be able to really fill that gap of the cybersecurity shortage of resources, being able to transform organizations to be a little bit more digital, to understand that in order for us to really make things happen at a greater scale, at a greater pace, we have to be receptive to other ideas…other personalities, other looks, persuasions.”—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.

Top insights for IT pros

From cybersecurity and big data to software development and gaming. Our IT Brew newsletter delivers the latest news and analysis of trends shaping the IT industry, like only The Brew can.