Last week on AWS re:Inforce, at the company’s safety event held in Boston, there was a message of welcome to diversity. It seems that given the sheer number of people needed for cybersecurity in the coming years it could be a way for historically underrepresented groups to find their way into technology.
CJ Moses, CISO at AWS, spoke at the company’s keynote about the importance of different ways of thinking when it comes to keeping companies secure. “Another key part of our culture is having lots of people in the room with different points of view. That could be introversion or extroversion, coming from different backgrounds or cultures, anything that allows your culture to see things differently and challenge each other,” he said.
He added that new ways of thinking can transform cybersecurity teams. “I also think new hires can bring a team high levels of clarity because they don’t have years of bias or a team thinking deep into their mechanics. So when you’re hiring, our best practices encourage you to be sensitive to the composition of interview panels, having multiple viewpoints and backgrounds, because diversity breeds diversity.”
Jasmine Henry, director of field safety at the startup JupiterOnerecently helped create a book titled Reinventing cyber security, looking at how women and transgender people are helping to transform the field of cybersecurity. But to fully achieve this transformation, companies will need to hire more diverse candidates. Henry sees it as the industry’s responsibility to make the workforce more diverse, especially larger organizations like AWS.
“I think there are a lot of people who really want to get in. I see it more as a kind of skills mismatch than a skills gap as there are people who are willing and able and want to work [in this field]. So I think there’s a lot of responsibility on employers, especially large employers, to train those apprenticeships, to upskill their own workforce, to work with community groups … to train people who want to take on those roles,” Henry said. .
She said as people like her make their way into the field, they can help others climb the ladder by helping them gain the skills they need to work in this field. “I’m a first generation graduate, I don’t come from wealth. Safety was how I became middle class, and I’m proud of it. And I am very passionate about mentoring others, especially first-generation graduates,” he said.
In general, the tech industry has not done a good job of diversity. According recruitment site, Zippia, just 25% of tech workers are women despite being half the population, 7% are black compared to 14% of the total US population, and 8% are Latino despite being more than 18% of total US population.
When you look specifically at cyber jobs, women hold 24 percent of those jobs, blacks hold 9 percent, and Latinos hold just 4 percent, according to research from The Aspen Institute.
Jenny Brinkley, director of security at AWS, says Amazon does take this responsibility to hire with more diversity very seriously. In fact, he says the company sees security as a way to bring more diversity to the company in general. “We’re really focused on how we can contribute [as a company]either through open source’s contribution to upscaling talent, creating and identifying skill gaps for these cyber jobs,” he said.
Echoing what Moses said in the keynote, Brinkley believes that security in particular requires a different mindset. “We can start talking more about neurodiversity and as we think about inclusion, equality and diversity as a whole. Does security really represent a moment where we can start talking about how you create and find people to fill these jobs?” He added that these are jobs that have the potential to create multi-generational wealth for individuals, and he sees a big opportunity for people who have historically been left behind in the industry and generally these kinds of high-paying jobs.
Henry says that when he put together the book earlier this year, he saw a way to amplify a variety of voices and see the diversity that already exists in the field. “I really learned a lot about myself along the way because I realized that I had to be intentional about diversity when assembling writers as well, and I realized that a lot of people wanted to talk about identity. They wanted to discuss security through an intersectional lens,” he said.
The Aspen Institute has some specific suggestions for increasing diversity In cyber security, including removing the cost of certification, which certainly larger companies could do. creating partnerships with organizations that can bring in more diverse candidates; and creating mentoring programs that focus on, among other things, diverse people.