Black History Month: diversity in cybersecurity is more important than tech

Each February, the United States, Canada, the United Kingdom and other countries observe Black History Month. It’s a month-long celebration of the generations of black people who have elevated society by the way in which they’ve lived their lives. It’s also an opportunity for us to recognize that there’s still plenty of work to do in the name of promoting diversity and inclusion.

This moment reaches into every sector—including cybersecurity. Indeed, (ISC)2 found that minority representation in the cybersecurity profession was just 26%. Fewer than a quarter (23%) of those individuals held leadership positions in their places of work. That’s despite the fact that 62% of minorities in cybersecurity held a master’s degree or higher, (ISC)2 learned.

Camille Stewart, Google’s head of security policy for Google Play and Android, explained that such a lack of minority representation—especially in leadership positions—ultimately holds back the cybersecurity industry. She used the example of a critical infrastructure company to demonstrate this reality to Dark Reading:

If you are contemplating how to build resilient systems internally that will then affect a diverse consumer base – your critical infrastructure, whether it’s water or electricity – how that [then] affects the daily lives of people who live in predominantly white suburbia versus a black suburban area, versus an inner city with a diverse array of socioeconomic folks, [these] things will be different: The city’s ability to respond. The city’s ability to mobilize around whatever your mitigation is. The impact it will have on how the children in the home are able to connect to school. The ability for the family to have a generator to back them up should the electricity go out. The ability to combat food insecurity if you’ve lost water, or electricity, etc. All of those things change based on things like race and socioeconomic status. And if your mitigations don’t contemplate for the diversity of your consumer base, you have a problem.

Clearly, diversity is instrumental in creating a more secure world. But that raises an important question: how do we foster diversity in cybersecurity?

The State of Security reached out to me along with several other minority cybersecurity experts to ask us about our experiences in the industry. Together, our responses provide a roadmap with which we can honor Black History Month and make the cybersecurity industry a more inclusive place for all.

On the Importance of Mentors

Question 1: Mentorship is extremely important in the world of cybersecurity. During your career, who has helped open doors for you? Who has had a positive impact on your life and how?

Raymond Kirk, @Raymond_The_PM

When it comes to mentors and positive impacts I believe it’s important to have these interactions early in life.

For me, I’ve been fortunate enough to have an extremely talented and impactful mentor from the time I was in high school: Charlton Hudnell, an economics and social studies teacher at the time, who had a way of encouraging me and my peers to strive to be positive members of society, understand the landscape which we would need to navigate and learn the importance of leadership through service.

These values have translated directly into my professional career. In practice, this meant doing work you can be proud of, staying hungry to excel, knowing your value and giving back. I trace all my success back to Charlton Hudnell and the potential he saw in me as a young man.

There is also De Cranford, a Program Director/Guru whom I admire. She has truly shown me how to take large organizational and life challenges and then break them down and execute! She is restless in holding me accountable for my continuous improvement both personally and professionally.

Then there’s Danyell Johnson, my former manager during my Technical Consultant role at Hewlett Packard. He was a great mentor; he encouraged me to get as much training and knowledge about as many products and technologies as I could get my head around. He saw potential in me that created the space and time for professional development from data center experiences to pursuing my path to a PM.

Finally, I had the pleasure of working with Roderick Thornton, a project manager, during our time implementing one of the largest global implementations of Salesforce that had ever been done at the time. He showed me how to communicate and gain executive buy-in, manage multiple stakeholders and deadlines and make it all look easy.

Emanuel Ghebreyesus, @etg71

I think mentoring is more than just the work you do in your cyber security job/world. What you do in your work is defined by who you are as a person, how you have gotten there, what drives you to excel, your principles, your work ethics, your ambitions, what self-challenges you take on to enhance your ability get you committed to a cause, what you are trying to achieve and for what or whom you are driving yourself.

With this in mind, I would like to honor a few mentors:

1. My father and father-in-law, both entrepreneurs with extensive experience, who have taught me the world of business and how to be a successful business person by always knowing what you are talking about, always being prepared, being flexible to adapt to any situation as well as my father’s commitment to progress, to his family and to self-sacrifice to pay for and provide me with the education I had in UK boarding schools and tutorial colleges.
2. VPs and Directors (Richard Parkinson, James Stirk, Mike Dalton, and Ross Allen), who had different impacts on me.
   1. Richard and Mike saw the potential I had coming from an IBM background, when I first started in Cyber Security at Network Associates. They continued to drive me to keep getting trained on the solutions and kept providing me with bespoke Spiff incentives ($5K-10K/month). They committed to me, and I gave my word to never let them down when they needed me to bring in more business when they needed it most.
   2. Ross Allen (aka “The Bull” and “Rossweiler”) built like a wall and scary as hell, but who drove me to excel with his carrot and stick approach
   3. James Stirk: He ran the Government team at Oracle for over 20 years before he joined Intel Security/McAfee at the same time as my second term. He knew everything about government business and drove me to learn something that didn’t about the UK Government. He recommended people to be my mentors, but I didn’t want anyone else because no one else knew more than he did.
3. Paul Rutland: My SE at McAfee, who took time to personally and continuously train me on all things that had to do with firewalls, IPS and IDS systems. This became my main business generators during my time at Intel Security/McAfee. I drove the business from $200K to $4.5 million a year.

Fareedah Shaheed, @CyberFareedah

I would not be where I am today without mentorship and coaching along the way. A couple of people that have been pivotal in my journey are Dr. Jessica Barker, Jane Frankland, Crystal Ro and Aprille Franks. There have been so many others; if I forget to name them, please charge that to my mind and not my heart. Each one of these people has opened countless doors for me and given me phenomenal advice for my life and career. Every single achievement the public sees can be traced back to my mentors’ and coaches’ continuous support.

Gabriel Gumbs, @GabrielGumbs

There is no shortage of people who have opened doors for me in this industry and throughout my career. A couple of those examples have been in unexpected ways, however. If I have to mention any one of them by name, it would be the person who hired me for my very first infosec job: Richard Shuemaker.

I had a very strong interest in security and had been involved in the local security community in New York City, however at the time I was a network engineer. Richard took a chance on a scrappy propeller head and helped me navigate not only the bits and bytes of the professional security world but also the business side. He was my first mentor; we became friends over the years, and since then, I have always felt a calling for paying it forward.

Ambler T. Jackson, LinkedIn

During my career, I’ve worked with several supportive men and women who have helped open doors for me and shape my career. I’ve been fortunate to work with people in leadership at various organizations who believed in me, provided an opportunity to grow as well as gave sound guidance and invaluable feedback based on their own experiences.

The feedback that I received always came at the right time, and it oftentimes allowed me to plan the next steps for my career. My peers and colleagues have also shared information and opportunities with me and encouraged me along the way.

Jihana Barrett, @iamjihana

I can honestly say that different people have poured into my success in this industry. I did not have any direct, streamlined mentorship. When it was time to study for a certification, I sought help from a particular group or individual when I needed to hone my knowledge and my skillset. When I needed more confidence. I turned to another group for leadership and I guess guidance in that way.

So, it was not one particular person, but there has been guidance and mentorship throughout this entire process because there was no way it wasn’t going to happen.

Also, I think another reason why I didn’t have streamlined mentorship was because I didn’t see anyone that was my gender or my ethnicity doing what I was doing. They were engineers, or they did something else, but they didn’t specifically do cybersecurity.

And I remember at one point in my career really seeking that out. And then I realized I just had to create it for myself and then take up that charge, take on that charge to do it for the next generation.

So, that’s why I do career days at my high school. And when people want to talk about how to get into the industry, I offer a consultation on that because I know what it felt like to not feel like there was anyone doing what I wanted to do or anyone to ask those questions from. Because of that, my life and how it’s impacted me has just been phenomenal.

Honestly, I know that cybersecurity is my calling, and it’s what my purpose is in. How I present it and package it to others is how I have the most positive impact.

How to Become a Better Ally

Question 2: The importance of Black History Month should be driven by everyone. For those potential allies that want to do more, but might not know where to start, what advice would you share? How can they help improve awareness, inclusion and opportunities?

Raymond Kirk

Being an ally means truly understanding that Black Lives Matter, being brave enough to articulate that and look for ways to be a part of the solution against racism and inequality.   African Americans have been oppressed for hundreds of years. I think it’s important to understand that not all Americans get the same starting line on their path to success; decision makers will need to reach earlier in the pipeline to groom and attract diverse talent in the infosec community.

Emanuel Ghebreyesus

The advice is very simple but complex. It is also impossible for anyone to say they can’t find information about this elsewhere. Anyone who has the wish and states they can’t find information on this is in denial and purposefully avoiding this internally.

Without the below, nothing can start. 

1. Care enough to make a difference as well as take action to follow what history has wrongly taught and how you may have been raised.
2. Don’t look at anyone based on color, gender, race or age.
3. Everyone is unique, so don’t try to put them into a category you have created in your mind.
4. Practice respect, humanity, generosity, understanding and pure desire to treat everyone as a human being first.
5. Google “Black Lives Matter” and look at https://www.livescience.com/difference-between-race-ethnicity.html, Cultural Diversity, Difference Between Culture and Society, 10 Ways to Be a Better Human Being, Diversity and inclusion strategy 2019 to 2023, Useful organisations for diversity and inclusion, to name a few.

Fareedah Shaheed

I would say to find a way to make a positive impact in the life of someone who doesn’t look like you. This positive impact can come in many forms:

• Recommending them as speakers.
• Sharing job opportunities.
• Mentoring.        
• Sharing resources.      
• Endorsing them.   
• Giving them a testimonial.
• Introducing them to your network.
• Supporting their work and/or initiatives.
• Asking them what support they need and then following through.

And one of the best things allies can do is working on themselves internally by reading books, watching documentaries and having meaningful conversations with themselves and friends on self-awareness and change.

Gabriel Gumbs

Black History Month is larger than the community which it derives its name from. Civil rights are human rights. The reflection of the contributions made by African Americans throughout history in every aspect of daily life in the face of inequality should be driven by all because it is a universal story of struggle.

For those that may not know where to start, but desire championing Black History Month, I would suggest they begin by exploring the lived experiences of others and looking for opportunities to understand those experiences when compared to their own lived experiences. That happens through conversation; it happens through genuine interactions fueled by curiosity.

Ambler T. Jackson

For allies who want to do more to improve awareness, inclusion and opportunities in the infosec community, I suggest being comfortable with providing feedback to those who may need a gentle push in the right direction and to share information and opportunities broadly! Post it on social media, share it at work, share it with your local public library and share it with your book club members. You never know how sharing information and opportunities both inside and outside of your network could change the trajectory of an individual’s career.

Advice for Getting Involved

Question 3: Can you recommend any communities that people looking to join the industry, or those looking to grow their networks, should look to be involved in? Where they can find new opportunities to learn and grow?

Raymond Kirk

One of my favorite communities I always recommend to young adults is yearup.org. They have a phenomenal workforce development program that includes several tracks into the IT and cybersecurity field.

Outside of that, I would look at meetup.com for local IT/cyber security events to network and even General Assembly for training and events.

Emanuel Ghebreyesus

The same as what I said before. Care first and be a human being that refuses to judge at sight but who wants to understand and get involved.

Fareedah Shaheed

The most helpful opportunities to learn and grow come from meeting new people. And these people may turn out to be mentors or job opportunities.

I would also start to be active on Twitter and LinkedIn. Start having conversations with people from the industry. This will lead you into the communities and opportunities you want.

Gabriel Gumbs

The International Consortium of Minority Cybersecurity Professionals is a great community for those looking to grow their networks and join the industry. However, I would also highly suggest ISACA, SANS, OWASP and local B-Sides communities.

There is no one right answer, and in fact, digital communities have been thriving during the pandemic. I would look into the Slack and Discord communities that align with your technology and security interests.

Ambler T. Jackson

Both Women in Security and Privacy (WISP) and the International Association of Privacy Professionals (IAPP) are both great organizations for people to join and to tap into a network of like-minded individuals.

I belong to both, and I enjoy utilizing their resources and network as I continue to learn and grow in my career.