Leo Cunningham, CISO at Owkin.
In an industry tasked with defending against threats from every corner of the globe, cybersecurity's lack of diversity isn't just a cultural shortcoming—it's a strategic vulnerability. With women comprising only 24% of the cybersecurity workforce and ethnic minorities "also underrepresented in the sector," we're fighting sophisticated global threats with one hand tied behind our back. As cyberattacks become increasingly complex and varied, our defense strategies must evolve beyond traditional technical solutions to encompass diverse perspectives, experiences and approaches.
In my 20 years of being in technology and cybersecurity, diversity, such as gender equality, has always been an industry issue that's ignored or no one wants to tackle. During my time at Flo Health, females comprised over 50% of the company, and 20% of our core security team were women. When hiring for cybersecurity roles, you should consider all walks of life and expand your talent pool as much as you can.
The Case For Diversity
Cyberattackers come from all walks of life, bringing varied cultural contexts, thought processes and attack methodologies. A homogeneous defense team, no matter how technically proficient, risks developing blind spots that adversaries can exploit. Diverse teams, by contrast, bring multiple viewpoints to threat analysis, leading to more comprehensive security strategies.
Innovation thrives on different perspectives. When teams include individuals from various backgrounds—whether cultural, educational or experiential—they're more likely to develop novel solutions to complex security challenges. A former artist might approach visual pattern recognition differently than a traditional computer science graduate, potentially leading to breakthrough detection methodologies. Similarly, professionals from neurodivergent backgrounds often excel at pattern recognition and problem-solving in ways that traditional security approaches might miss.
Global Threats Require Global Understanding
Cybersecurity is inherently global. Teams with diverse language skills and cultural understanding are better equipped to analyze threats originating from different regions, understand cultural nuances in social engineering attacks and develop culturally aware security solutions. Companies with diverse teams are about 36% more likely to outperform their competitors, according to McKinsey researchers. In cybersecurity, this translates to better risk management and more effective security solutions.
Consider the rise in sophisticated social engineering attacks. These often rely heavily on cultural context and local nuances that might be missed by teams lacking diverse perspectives. A security professional who understands the cultural context of a specific region can more readily identify suspicious patterns in phishing attempts or social manipulation strategies targeted at particular communities.
Breaking Down Barriers
To achieve meaningful diversity in cybersecurity, here are some tips that have helped me take concrete steps to change the standard approaches:
1. Expand recruitment channels.
One way to broaden your cybersecurity team is to partner with diverse educational institutions and community organizations. You could also create apprenticeship programs for career changers and develop mentorship initiatives for underrepresented groups. Also, establish relationships with organizations supporting neurodivergent individuals to expand your candidate pool.
At Owkin, we look for talent far and wide. We focus more on a person's alignment with our values, passions and what superpower they can bring to our company.
2. Rethink requirements.
Nontraditional backgrounds and lived experiences create value in your team. Emphasize skills over credentials and help create alternative pathways to cyber careers. You may even find a skill set that can crossover, such as QA testing into DevSecOps. This will help close the skills gap and uncover people to fill roles.
At Owkin, we try to think outside the box and look for transversal skills that could be applied to many different disciplines, such as back-end engineering skills that can be used to help support cloud security tasks and automation.
3. Foster an inclusive culture.
Provide comprehensive cultural awareness training to show people in your company the uniqueness of your team and help change opinions and misconceptions. Establish employee resource groups companywide to communicate diversity and share thoughts and opportunities for growth. This can also help create meaningful professional development opportunities and ensure equitable pay and promotion practices.
At Owkin, we foster values and a culture that ensure everyone's voice is heard and their contributions are noticed. We also have dedicated Slack channels to showcase this and raise awareness of people's contributions that have enhanced our culture.
Success Stories
Several organizations are already seeing the benefits of diverse cybersecurity teams. Netflix reports that their neurodivergent cyber analysts have identified patterns in malware behavior that traditional analysis missed. And Bank of America attributes its success in many technical areas, "such as cryptography, data analytics, and reverse malware engineering," to insights from team members with nontraditional backgrounds.
The Bottom Line
The next generation of cyber threats will require a next-generation workforce. Organizations embracing diversity won't just be ticking a box—they'll build more resilient, innovative and effective security teams.
The challenges we face in cybersecurity are unprecedented in their complexity and scope. From nation-state actors to sophisticated criminal enterprises, our adversaries are diverse, adaptable and innovative. To defend against them effectively, our teams must be equally diverse and dynamic.
In an era where cyber threats are evolving faster than ever, we can't afford to limit our perspective. Diversity in cybersecurity isn't just about doing what's right—it's about building the strongest possible defense against tomorrow's threats. Organizations that understand this fundamental truth will not only create more equitable workplaces but will also be better positioned to protect against the evolving threat landscape.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

1 year ago
44













English (US)