In the current global landscape of near daily announcements of cyberattacks, organizations can no longer just sit back and wait for employees to find them; they must be proactive. Organizations need to understand the indicators of success for their cybersecurity positions, and they may be surprised to learn that degrees and experience are not always the best indicators. Workforce diversity is not only about employing different races but also includes diversity in culture, personalities and even neurocapabilities.
I participated in a design-athon event hosted by Marymount University and Melwood in 2020 and the event introduced me to the concept of neurodiversity in the workplace. The focus of the event was to raise awareness of design considerations that highlight the needs of a diverse workplace. Much like how autism is discussed as being along a spectrum, all individuals can be thought of as being on a spectrum of neurocognitive abilities. For example, studies have shown that neurodivergent people are better able to sense changes in the environment around them and thus are better at noticing changes in patterns. One could see how this ability to identify anomalies would be welcomed in the cybersecurity field. This class of potential employees is drastically underutilized globally, and organizations need to evaluate ways to tap these resources.
Another consideration in finding the right person for vacant cybersecurity positions is personality. One model that some organizations are embracing is the RAISEC Model. A team of researchers proposed six specific traits that could be used to select personnel within the cybersecurity domain. These traits include:
- Systemic thinking—People who can see beyond what is immediately in front of them
- Being a team player—Those with the ability to work with a diverse group of cybersecurity personnel to achieve shared objectives
- Good technical and social skills—Those with the ability to understand cybersecurity topics from the perspective of the standard user and the capability to communicate in a manner that can be understood by laymen
- Civic duty—People with a strong sense of loyalty to their organization and their country
- Desire for continued learning—People with this trait acknowledge the rapid change in the cyber domain
- Good communication—Much like the social trait, people with this trait can translate highly technical information into a format that is easily understood by nontechnical staff and senior leadership
If organizations can select personnel the right personality traits that meet their specific needs, then the likelihood of success for the new employee and the organization drastically increases. A person’s technical and social skill set may be of particular interest. Many employers look for a candidate’s technical abilities, but often their ability to understand the technology from the perspective of the user is even more critical. To ensure the selection of the ideal candidate, hiring managers must take a deep look at what skill sets they truly need and adjust their recruitment efforts.
The global skills gap in cybersecurity is only growing, so leaders need to look at a wide variety of solutions to overcome these challenges and achieve workforce diversity in cybersecurity.
Editor’s note: For further insights on this topic, read Christopher Henry’s recent Journal article, “Cybersecurity Workforce Diversity—Including Cultures, Personalities and Neurodiversity,” ISACA Journal, volume 5, 2021.
ISACA Journal Turns 50 This Year! Celebrate with us—and don’t forget you can still receive the print copy by visiting your preference center and opting in!