Home » Security Bloggers Network » Seen and Heard: Notes on Diversity, Equity & Inclusion in Cybersecurity from the RSA 2019 Conference

Seen and Heard: Notes on Diversity, Equity & Inclusion in Cybersecurity from the RSA 2019 Conference

by Karen Worstell on April 25, 2019

For the last several months, I’ve collaborated with a team of people to produce articles for the RSA Conference blog. A key member of that effort is Lisa Rothstein who was gracious enough to join us at RSA Conference and use her sketchnoting talents to document several sessions. So many people were blown away by her ability to capture hours of content in a very readable and visual format that we left the notes up on the wall on the 3rd floor of Moscone West where people took selfies with the notes, much like the one below.

Since Lisa is such a gifted artist and listener, and is a first-timer to this conference, I asked her to share her perspectives in the following article.

This was Lisa’s most popular illustration leading up to the RSA Conference.

In my work as a messaging strategist and brand storyteller, I specialize in extracting and articulating the essence of what’s being said, At RSA Conference 2019, I saw and heard a lot about diversity & inclusion, and took visual notes. Here are some of my key takeaways.

Sponsorships Available

The event featured more women, more cultures and more conversations around #DEI

The talent shortage in cybersecurity requires more people, from all genders, cultures, ages and backgrounds, to solve it. This year’s conference had more diverse speakers and discussions around diversity in the industry were front and center.

Cybersecurity is losing women faster than they can hire them

The talent shortage is real — and worse because even once hired, women don’t stay. In Deirdre Diamond’s session “Retaining and Growing Cybersecurity Talent: A Proven Model,” we heard a lot of grim stats, among them that only 14 percent of women remained in cybersecurity five years or longer. This contributes to fewer women in leadership, which makes the environment less welcoming to new female hires, who leave, and the cycle continues.

According to Elaine Marino, (CEO of Equi.li and founder of LadyCoders Conference in Denver) women still get most of the “housework,” like taking notes in meetings, and less of the opportunities to shine that lead to promotion. This perpetuates the impression that their careers are going nowhere, and lowers incentive for them to remain. Cybersecurity needs to stop this leakage as much or more than it needs to fill the bucket.

Men must be part of the solution.

James Gordon of Intel Corp. has a lot to be proud of. The initiative he headed to promote diversity, equity and inclusion at the company hit its first target ahead of schedule, and now Intel’s workforce has already increased its female representation 8.5 percent while also boosting under-represented minorities by +17 percent, African Americans by +31 percent , Hispanics by 10 percent and Native Americans by +40 percent.

He is a firm believer that diversity allows Intel to better serve its customers. But it’s not enough to hire more women, or to make speeches about diversity. Men in tech need to take positive actions to make sure women belong and succeed. Along with Karen Worstell of Mojo Maker, Gordon coined the slogan #BeAnAlly to exhort more men to step up and actively participate in the effort to balance the scales in tech.

Women need to be bold and claim the spotlight for themselves

Women who want to prevent being overlooked in their careers can take matters into their own hands. At the “She Speaks Security” panel, I heard a host of useful tactics for women on how to use public speaking to raise their profiles in their organizations and the industry as a whole. While tech conferences are often accused of fielding all-male panels and keynotes, women can’t get on those stages if they’re not applying to speak. As the moderator of this all-female panel stated, “it’s not an option for women to sit down and be quiet.”

A commitment to diversity & inclusion improves life and work for everyone.

With its nonstop crisis mode, the impression of ever-growing threats, long hours and a culture that has celebrated those “who can take the heat”, cybersecurity is a breeding ground for burnout. Women, who often still bear the majority of family responsibilities for both children and elderly parents, have it even rougher, which contributes to their dropping out of the industry at twice the rate of men. By taking steps to improve life for everyone — for example providing both maternity and paternity leave, floating holidays that people of different faiths can use as they choose, and flexible hours for caretakers of aging relatives, companies make their workplace at once more equitable, more inviting to diverse talent and better overall.

Diversity of experience & thought = more creative thinking

Emily Heath of United Airlines made a passionate and convincing business case for the positive business effects of hiring diverse talent, separate and apart from any moral or social considerations. At United Airlines, they recruit for the ability to solve specific problems, and search for out-of-the-box talent that bring a wide array of life and professional experience and creative ideas to the table. This has allowed her team to springboard innovation, while increasing its female representation to 46 percent.

I also heard some challenges.

Some men think the diversity issue is “solved.”

I heard this from well-meaning men and from other women who reported what they’d been hearing in their workplaces. Because women and minorities are now being seen more in the workplace, there’s an attitude among some men that diversity and inclusion are no longer an issue. These impressions are purely anecdotal, however, as women still only comprise 19-23 percent of all technical roles, and women continue to be underrepresented in executive roles, especially in US tech companies. ^{^[1]}

Men who want to #BeAnAlly need to know HOW.

Even for men in tech companies who buy into the concept of supporting women in their organizations, it’s sometimes hard to navigate between being helpful or intrusive. And it’s hard to know exactly what actions they can personally take. Companies can’t expect men to “just know” what to do; specific training and dialogue are needed. Steps like taking responsibility to actively sponsor an individual woman on their team, and asking ahead of time whether their presence will be welcome at an all-women’s conference, for example, and how they can best support it, are the kinds of practical actions that can help men #BeAnAlly.

Diversity & Inclusion efforts can’t begin and end with recruitment.

I repeatedly heard that many companies were “ticking the box” by hiring diverse talent, but then leaving them to shoehorn themselves into a culture that didn’t help them belong, or making them the de facto poster child and go-to person around diversity at the organization. For better performance and retention, companies need to take active steps in the onboarding process to make new hires feel an integral part of the team, not a token. As Elaine Marino of LadyCoders Conference says: “Diversity is like being invited to the dance, inclusion is being asked to dance, and belonging is knowing all the songs at the dance.”

Unconscious bias is everywhere.

Companies need to be ever-vigilant around their language (is “compassionate” more likely to be attributed to a female, while “decisive” more to a male?), their recruiting practices and even perks and rewards to counteract and prevent unconscious bias from repelling diverse talent or stopping them from being considered in the first place. Individuals who see it need to call it out, and we all need to acknowledge it ourselves. It’s likely to be a long process, but with practice, more companies will begin to recognize it and root it out.

Conclusion: On the right track, and not there yet

From what I observed, the trend toward diversity, equity, and inclusion in cybersecurity is encouraging. More large companies are talking about it and some, like Intel and United Airlines, are taking real, visible, significant steps to improve, and are seeing the benefits. The challenge for the industry may be to avoid becoming a victim of its success — by interpreting early signs of positive change as equivalent to having reached the goal. And as time goes on, companies need to share more stories of success –and yes, data — that highlight the positive effects of a more diverse workforce. As I’ve found with my visual notes, once people can see an idea, they’re more likely to understand, remember, and act on it.

Lisa Rothstein is a brand storyteller who helps tech companies craft messages that inspire action and fierce loyalty in customers and internal stakeholders alike To receive a copy of all of Lisa’s visual notes from the RSA Conference 2019, or for more information, email [email protected] or contact her through her website http://drawingoutyourgenius.com

^{^[1]} From “Microsoft Ceilings”, Seattle Times, April 15, 2018 p A14: “The share of women decreases when looking only at technology jobs or the managerial and executive ranks [at the largest US technology firms, Amazon, Apple, Facebook Google, LinkedIn and Microsoft.] While women comprised about one-third of the workforce at those companies, technology jobs held by women in those firms globally average range from 19-23%. The percentage of women in executive roles range from a low of 13% at Google to a high of 37% at LinkedIn. Microsoft is 22%, Facebook is 28%, Apple is 19% and Amazon is 22%.