This year’s RSA Conference (RSAC) theme was “Stronger Together”, and as I saw the crowds of attendees taking part in summits, hackathons, and networking events each day, this felt particularly insightful. Events like this are about bringing together cybersecurity professionals and empowering the collective “we” in the industry.
This is impossible without a sense of camaraderie and a genuine commitment to inclusivity. Here are my takeaways on how RSAC 2023 made this possible…
Building Effective DE&I Programmes
Put simply, if people feel like there isn’t space for them in an organisation, they will self-select out. Recent SAP research found that more than 50% of cyber candidates self-select out of application processes, and it’s vital that we as an industry find out why.
Panellists in the ‘Diversity, Equity & Inclusion: The Paradoxical Effect & Impact on Security’ session discussed the pros and cons of short and long-term recruiting and emphasised the importance of retention strategies to drive and sustain growth.
Cybersecurity is an industry that struggles with diversity. Only 9% of cybersecurity experts are Black. About 8% are Asian and 4% are Hispanic.
The panel debated how to improve diversity in the sector and meet the skills gap simultaneously. Recommendations included building talent internally through community engagement, and using academic and coalition partnerships to support recruiting efforts. As often pops up in these conversations, the value of implementing mentorship employee sponsorship schemes was a strategy repeatedly lauded as a means to engage and retain diverse talent.
“There’s a difference between being invited to the dance – and being invited to the dance floor,” stated panellist Colonel J. Carlos Vega. Beyond driving diversity in the candidate pool, Vega challenged hiring managers to continue to support those same candidates throughout their career so that they can have a voice in important discussions.
Focusing on Gender Inclusion
What is striking about the cybersecurity industry is just how much its inclusivity efforts could have a direct impact on the talent shortage that it is currently facing.
Shockingly only 25% of people in cybersecurity are women.
Attending the session on ‘Empowering the Next Generation of Women in Cyber’ by EWF and PwC, it was good to hear a strong emphasis on the importance of women’s role in cybersecurity.
As they say, talk is cheap, and actions mean something. At RSAC, I had multiple constructive conversations around what can be considered real allyship, and what is just performative. Sponsoring champions, using your leadership to create meaningful inclusivity within your teams, and advocating for others are key ways that companies, and we as individuals, can do this.
Addressing harmful stereotypes or attitudes can be difficult, but it is a step we can all take to make spaces safer. The point here is to build this type of feedback into company culture, rather than letting these important conversations feel intimidating, or assuming that people are too busy for these meaningful conversations.
Why Inclusive Language Matters in Cybersecurity
Our words can have a powerful impact on creating an inclusive atmosphere. Whether we’re in a professional or personal setting, the language we use can significantly affect whether those around us feel welcome and comfortable.
Words and expressions are used every day without a true understanding of their implications. In recent years, there has been a push to better understand the phrases that have impacted marginalised communities, and this was a key topic at RSAC.
Incorporating inclusive language into our everyday conversations is a conscious effort that demands self-awareness and thought. To support this effort, the WiCyS Racial Equity Committee has drafted an ongoing document of inclusive language resources for cybersecurity teams. This is a brilliant step in shaping the industry into one we can all be proud of as we move forward together.
RSAC is not only an opportunity to make sales and industry connections, and it is great to see the event pushing to have a larger impact on the culture of the cyber industry. Armis, a partner of our client Eseye, illustrated the theme of ‘Stronger Together’ by making donations to St. Jude’s Children’s Hospital on behalf of every badge scanned, rather than handing out a bag of swag, a choice I was proud to see.
RSA was an incredible experience, cultivating and educating its community of attendees and exhibitors to feel truly stronger together.
For more information about how C8 Consulting can help to create compelling campaigns and kick-start conversations for your business, or to understand more about the social and digital activities that we are undertaking for our clients please feel free to contact us.