6 ways the cyber security industry can create more diverse workplaces

Amid soaring demand for their services and a chronic shortage of skilled staff, cyber security companies are searching for ways to make workplaces more appealing and diverse.

Rather than relying on traditional sources of talent such as universities, increasing numbers of firms are thinking outside the box when it comes to recruitment. Firms are also working hard to make their physical and virtual workplaces more attractive so that, once recruited, staff are more likely to stay.

Six key strategies that cyber security companies can follow to build diverse, engaged workforces are:

1. Cognitive diversity:
   It’s important for HR departments to build teams of people who think in different ways. There are a range of assessment tools that can be used to build a picture of a prospective staff member’s personality, and these can help to ensure that new hires will be a good team fit.
   
   Having people who think differently can also help to spur innovation and enable teams to come up with fresh ideas and answers to challenges. For this to be achieved, it’s important to have a diverse range of individual profiles including extroverts, introverts, analytical thinkers and creative types. If cognitive diversity is not achieved, the organisation risks putting a limit on what it can deliver for its clients.
2. Functional diversity:
   This type of diversity comes from the concept of design thinking. If an organisation is forming a team to solve problems, it’s beneficial to bring people from different functional areas across the business. These areas include everything from sales and marketing to engineering, product development, customer service and human resources.
   
   Just because someone hasn’t followed the conventional path of studying cyber security at university doesn’t mean they can’t pick up valuable knowledge and skills on the job. Indeed, someone working in other parts of a company may jump at the chance of joining a security team and working on client projects. Often, an individual’s career path may have zigzagged over the years, and they have picked up skills and experience in myriad different areas.
3. Looking harder:
   Across the cyber security industry, male workers significantly outnumber their female colleagues. Much of this imbalance can be traced back to universities where far more men enrol to study the subject than women. This means that the pool of graduates is imbalanced from the outset.
   
   Most people in the industry agree that hiring should be done on merit rather than through a quota, however it’s important to find ways to address this imbalance. HR departments need to look harder and think outside the box. Tactics that could be put to use include offering shorter working hours or working weeks and flexibility of work location.
   
   HR teams should also be looking harder at other groups of potential hires. These could include those working overseas or in related industries. It’s also important that security firms make it clear that people with special needs will also be warmly welcomed.
4. Solve for the undesirables:
   Within almost every organisation there are people who do not work well with others. They may misuse authority, bully, or try to drag others down. This sort of behaviour will prevent a workplace from feeling inclusive and should never be tolerated.
   
   Managers should not put their heads in the sand and simply pretend that these sorts of behaviours are not occurring. Instead, they should take a “defence-in-depth” approach and ensure those at every level of the company know what is expected and what is not. An organisation should have written policies supported by management action to ensure their people are protected in the same way its data is protected.
5. Come down fast and hard:
   If and when undesirable behaviour is observed in the workplace, it needs to be addressed quickly. Small acts can undo a lot of goodwill and positivity, so it’s important for other staff to see that things are being done. Corrective action sends a message to teams that management “has their back” and understands what has been happening.
   
   People should also be encouraged to report incidents, even before things become a full-blown problem. It is far easier to solve early than to clean up the mess later or have a staff member resign.
6. If you build an attractive workplace, they will come:
   Classic market forces mean that, if a company has a good product on offer, customers will come, and the same holds true when it comes to attracting good staff. It may also further help to address the industry’s large gender imbalance. While it will be very challenging to have the industry reflect the 50/50 ratio that exists in the broader community, even lifting the proportion of roles filled by women by just a couple of percent would contribute to alleviating the skills shortage and making a positive difference.

By following these strategies, cyber security firms will be able to create workplaces that are much more welcoming and inclusive. They will be able to attract staff from a broad range of sources and ensure they feel secure and appreciated.

Sash Vasilevski is the principal at Security Centric.