Debunking DEI as a security threat: How DEI can improve security
Despite evidence that prioritizing Diversity, Equity and Inclusion (DEI) in the workforce is a profitable and secure path for the security industry, recent headlines are misleading readers about its usefulness. Often seen as a threat to organizational and government security efforts, DEI is being mislabeled as a tradeoff or zero-sum game where its efforts inherently compromise security requirements and resources.
A key concern centers around DEI efforts distracting from security missions because firms and agencies are more focused on hiring diverse candidates vs. the most qualified ones. But critics are missing a key point: diverse candidates do not equate to less qualified candidates. Further, failing to prioritize DEI can lead to siloed thinking, and therefore siloed protection.
For the security industry to truly take advantage of the improvements DEI can bring, we must first get rid of the notion that investing in DEI somehow undermines current security practices or gets rid of their effectiveness. In a lot of cases, it starts with addressing unconscious biases. These automatic judgements and stereotypes, while unintentional, do influence perceptions of other people and have a major impact on decisions and actions when interacting with others.
To debunk the idea that DEI poses a security threat, it’s important to understand the role unconscious bias plays in the industry and what to do to bring on more diverse candidates with the qualifications the security industry needs.
How DEI can improve security standards
Security leaders can have the most strategic plans down on paper, but without a cohesive culture bringing a workforce together to execute those plans, they are only ever pipe dreams. Diverse workforces lead to this kind of culture, but only when done right. Diversity can’t be an add-on to a company culture, a box to check — it needs to be a critical part of a team’s behavior.
Breaking down barriers from unconscious bias is a first step, and in most cases, one of the hardest ones to make. But consider how unconscious bias wears down the efficacy of security strategies and standards:
- Development of policies and procedures: Bias can lead to a lack of diversity and may cause security teams to overlook the needs of more diverse populations or properly address scenarios that exist outside their own experiences. Security measures that don’t take things like cultural or socio-economic backgrounds into consideration may alienate the people who need to be protected, thus being less effective.
- Approach to incident response: Having a less diverse team has a direct effect on how security incidents are investigated and ultimately addressed. This is because homogenous or siloed approaches and thought processes may mean threats are underestimated or mischaracterized which could lead to inadequate or inaccurate responses.
- Communication and team dynamic: When voices or viewpoints are constantly undervalued or ignored, it impacts how team members interact and work with each other. This often stifles innovation and hinders how effectively challenges can be addressed.
- Adaptability: More diverse teams can often be more capable of thinking outside the box, adapting to new challenges at a quicker pace. Unconscious bias can restrict a broader range of ideas or solutions that could be brought to the table to solve new threats.
- Talent recruitment and hiring: Homogenous teams may miss out on more diverse approaches to solving problems. A crucial aspect of identifying and addressing a wide range of security threats. Unconscious bias can have some of its biggest long-term impacts in recruitment as hiring decisions are often where an organization’s diversity journey starts.
Addressing unconscious bias requires a culture of inclusivity and fairness, bias training for existing workforces, and a standardized, transparent process for hiring and evaluation. One that looks for qualified candidates who can bring new ideas and innovations to the team.
Hire talent that is both diverse and qualified
Security organizations that leverage diverse perspectives to build equitable environments enhance the ability to effectively address the industry’s complex and evolving threats. And many of today’s workforce want to see more DEI initiatives and action. Survey data found 64% of respondents (nearly two in three) would personally benefit if their company was truly committed to DEI.
Infusing DEI into the candidate vetting and hiring process is a crucial part of taking these initiatives from verbal commitments to real action. Hiring processes must be structured with standardized questions and evaluation criteria to ensure fair comparisons between candidates. Those who are conducting interviews should be a diverse group in and of themselves. Job descriptions with inclusive language and that focus on skills and core competencies of a role will naturally bring in more qualified applicants without discouraging diverse job seekers.
Recruiting diverse talent also requires expanding the channels used to recruit. Partnering with diverse organizations and universities helps connect efforts to underrepresented groups within the security industry. Tools that anonymize candidate resumes by only showing skills and qualifications vs. identifying information such as name and gender help remove unconscious biases during the vetting phase.
Most importantly, security organizations should be setting specific DEI goals and then consistently measuring progress towards achieving those. Getting diverse candidates in the door isn’t the only focus, there needs to be clear pathways for all employees to grow their careers and contribute to innovation and strategic initiatives.
DEI works to better address threats
When it comes to safeguarding assets, whether it’s people, data or systems, security is a critical business priority that involves everyone. As the threat landscape becomes more complex, security organizations must stay several steps ahead to stop bad actors. Undeniably, the more diverse teams and security experts are, the more equipped the industry will be to accomplish this. But building a culture of DEI in the security industry will not happen overnight.
To get started, the industry must accept that DEI makes the security industry better and throw out the notion that it hinders strategic progress. The goal is to have a more knowledgeable and actively engaged security workforce. Diversifying the people who contribute to the development of security approaches and breaking down biases in the industry leads to reduced risk and better outcomes.