Managing for Inclusion Across the Talent Lifecycle: The Key to Diversity, Equity, and Inclusion in Cybersecurity Part 1


It’s one thing to say we want diversity in the cybersecurity space, and even to take steps to achieve it, but companies know that to win the talent they need to look for new faces in new places. They may even agree with the view that more diversity contributes to more creativity and innovation 


Only 9% of CIOs are women, and higher-profile, higher-paying jobs throughout tech organizations have similar underrepresentation. So, it’s unfortunate but not surprising that half of all women leave tech jobs early, twice the rate of men. Ethnic minorities, LGBTQ and intersectional people are not hired, promoted or retained to the same degree as the majority.

One way to break the logjam on this issue today might be to take a longer view. 

Companies that want to do more than pay lip service to the goal of diversity would do well to consider the entire lifecycle of a diverse hire, and what happens before, during and long after they sign on to your organization. 

In this two-part blog series, we will explore the four stages of this lifecycle where unconscious bias is often “baked into” the process, stymying even the most sincere efforts. 

By focusing on each stage individually, shoring up its deficiencies, and rooting out the inherent unconscious bias, we can build a stronger, leak-proof talent pipeline, and a more supportive environment where diverse hires can flourish. 

Stage 1: Recruitment 

The efforts to create an inclusive culture must begin in the recruitment process. Virtually all elements of recruiting in tech, from the way job postings are written, to how jobs are advertised, are tainted with unconscious bias, but there is very little screening or training to guard against this or root it out. 

According to a recent report by McKinsey and (, “Fewer than one in four companies uses tools to reduce bias when reviewing résumés, even though reviewers often fail to give equal consideration to women, people of color, and other underrepresented groups.”

The study found, among other things, that only 19% of companies require unconscious bias training for employees involved in hiring. A mere 4% require training for employees involved in performance reviews. And fewer than 30% remind employees to take steps to avoid bias at the outset of both processes. 

University of North Carolina at Chapel Hill Executive Development notes: “Unconscious bias can skew talent and performance reviews. It also affects who gets hired, promoted, and developed—and this unwittingly undermines an organization’s culture.”  It is critical that companies take concrete steps to counter it. 

Where’s the Talent? 

One common defense leveled by those responsible for hiring at tech companies, including cybersecurity, is that the diverse candidates “just aren’t there.”  But this all depends on what one’s definition of “there” is, according to Elaine Marino, CEO of Equili and Founder of the LadyCoders Conference. 

“Most blame the pipeline for the lack of diversity in tech,” she says. “My question to them is, have you attended Women Who Code, Girl Develop It, Grace Hopper, Hackbright Academy? Or mentored at Hack The Hood, Black Girls Code, Latinas in STEM, Qeyno Labs? My first response when I hear there are no diverse candidates is to encourage people to meet candidates where they are, mentor, teach, or even just attend and listen. Diverse candidates are not going to be where the majority congregates. You have to go to them.” 

For women and other groups who are underrepresented in cybersecurity, a barrier to entry can also be the accessibility of training and cost of getting certified. 

“Another way companies can enhance recruiting and onboarding of new talent is eliminating the obstacles at the entrance,” according to Carmen Marsh, CEO of Inteligenca. Inteligenca developed a training program called “100 Women in 100 Days” to train and certify women in the top four cybersecurity certifications at no cost. To overcome the obstacle that new cybersecurity professionals face in finding entry-level positions, they also help graduates find internships with local companies that are willing to train on the job.

Stage 2: Onboarding 

Once you’ve recruited your new diverse hires, the next critical stage in the lifecycle of a diverse hire where innovative approaches are needed is onboarding. How do you bring these people into the organization in a way that makes them feel that they are valued and that they belong, and aren’t just a token gesture? 

First, put the emphasis on including them, rather than making them productive and profitable from day one. This may mean slowing down at first, rather than ramping up. The bias towards new hires who can “hit the ground running” has been entrenched in corporate culture and language for years. This may result in having more diverse hires running in the wrong direction — out the door — if they’ve had a negative or less-than-inclusive experience during onboarding.

Let them know that the company is committed to diversity and inclusion, early during the orientation/onboarding process. Loop them in on the company or team’s big picture strategy so they can feel a part of it from the beginning, and give them the lowdown on how the team communicates (Slack? Email? Walking into the supervisor’s office?). Most of all, listen and get feedback… and make sure the entire team is “with the program” when it comes to inclusivity. An established clique, operating out of mere habit, can unwittingly undo all of management’s best efforts. 

In our next blog on this topic, we’ll look at the final two stages of the lifecycle for a diverse talent hire: development and retention.

*** This is a Security Bloggers Network syndicated blog from RSAConference Blogs RSS Feed authored by Karen Worstell.