2020 is halfway over. Many people will see this milestone as a good thing. In fact, most people would probably say that 2020 cannot be over fast enough. Even for a virtual organization in an industry not severely damaged by the pandemic, CTA has faced some real challenges during 2020. Our broader digital ecosystem is also showing the strain. Yet, within these challenges, we can find opportunities – if we are willing to take a chance.
At the company level, CTA’s challenges have mostly stemmed from the shift of all our activity on-line. For example, with most staff “WFHWCA” (working from home with children around), we have had more disruptions and interruptions during the workday. Moving board meetings on-line eliminated the less-formal but very valuable member interactions and hindered the growth of personal connections between board members. Eliminating in-person meetings with potential members and the overall economic uncertainty has slowed recruitment compared to previous years.
Conference cancellations have reduced CTA’s exposure and chances to find new connections. The ecosystem-wide challenges are more profound, and most effects will play out over several years. But some impacts have been immediate: the rapid shift to WFH (WCA or not) means the bad guys have more targets with limited security. Companies large and small are moving data to the cloud, often without fully understanding how that change alters their risk profile. Between a pandemic, a major election campaign, and racial unrest in the US, lures and phishing emails have practically written themselves. The anger boiling over across our country as exemplified by the Black Lives Matter movement has provided a sharp reminder that the cybersecurity industry, like many, lacks diversity in almost any measure you can name.
Yet, within challenges lie some opportunities. The growth in on-line activity will expand the number of cybersecurity providers interested in CTA membership, because the more end-users prioritize cybersecurity, the more cybersecurity providers need access to vetted, reliable, shared cybersecurity information to sharpen their competitive edge – exactly what CTA provides. We should take this opportunity to refine our existing use cases and find new ones we can support. CTA has turned the necessity of virtual-only communication into an opportunity to hone our on-line recruiting and communication capabilities. By starting a webinar series and re-launching our blog, we will have even more tools to reach current and prospective members.
The shift to remote work creates an enormous opportunity for the cybersecurity industry as a whole: it has the chance to significantly increase diversity in several different ways. As a colleague said, “One of the key lessons from the pandemic has been that remote work works.” If a cybersecurity company sets up the right processes, effective training, and support for its remote employees, it can move a substantial portion of its operations on-line, make the work hours more flexible, and geographically disperse them. Managers who would have resisted such moves previously have had it amply demonstrated that geographically distributed employees engaged in remote work can still get the job done – even with children around. We have empirical evidence that jobs do not have to be concentrated in a few physical office buildings.
Thus, the cybersecurity industry has the chance to hire employees from a wider variety of places with a wider variety of backgrounds, not just near where they already have a physical presence. By deliberately seeking to hire from geographically diverse locations, companies will gain access to a broader talent pool. Coupling this approach with more traditional diversity efforts could create a triple benefit. First, it could expand opportunity for people of color, women, and other under-represented groups, opening another pathway for success, because those individuals often live outside the existing tech hubs. Second, companies could increase their diversity of experience, ethnic backgrounds, race, gender, and points of view. Volumes of research shows that such diversity generates better results. Finally, the cybersecurity industry could strengthen communities by creating economic opportunities in areas that often lag behind the rest of the US.
How can the industry achieve these outcomes? The place to start is with a commitment from the top to hiring in one or two non-traditional locations. The second step is to adopt an approach to the workforce like those outlined by the Aspen Institute’s Cyber Workforce Initiative ‘Principles for Growing and Sustaining the Nation’s Cybersecurity Workforce’. The third step is to put the right support structures in place to make remote work effective (A Guide To Managing Your (Newly) Remote Workers). The last step is taking the plunge – advertising the positions and making the hires.
We cannot undo the damage that 2020 has brought upon specific individuals and businesses, nor is the cybersecurity industry going to solve the problem of systemic racism. However, we can take the opportunity to listen, learn, and do better. The door is open. The cybersecurity industry should walk through it.