According to studies:

Women only make up 24% of the cybersecurity workforce in the United States.
African-Americans only make up 9% of the cybersecurity workforce in the United States.
Hispanics only make up 4% of the cybersecurity workforce in the United States.
There is also a huge disparity of age groups, with more cybersecurity staff members older than 40 than staff members younger than 40.

What are your organizations doing to promote greater diversity? And for the non-US-based CIN members, do your organizations experience diversity issues or not?

 
Thanks for starting this thread, Greg.

My experience (40+ white male) has been that people are often 'promoted' to SOC roles. Let me elaborate.

The real starting place in SOCs I've seen is doing the work on initially investigating an alert. That's correlating log analysis, SIEM, help desk, operations / change control data with other data sources (primarily packet capture and analysis). That's 'developing evidence'. Many SOC playbooks have really well-written scripts that prescribe what evidence an analyst should use and the conclusion that the analyst should reach. Depending on the script, that conclusion either closes the alert / action or requires presenting that to a 'next tier' analyst. I see too many organizations doing this wrong. They 'team' or 'intern' someone new with someone else. Often that someone else is the person who has passed basic SOC muster (2-4 years on the job) themselves. This is where the problem happens.

Too many hiring managers pair an eager young white male with another eager young white male. They consciously or unconsciously build a boys' club. That's what's broken. They don't have the courage (or leadership skills) to team two people with diverse backgrounds (be it gender, race or orientation). They don't want to have to deal with personalities. They aren't strong enough to tell their reports that they should leave all their personal opinions at the door. That's a huge problem and if it's not addressed early on it creates a cancer in an organization.

I don't care how smart a candidate or employee with less than 2-4 years on the job is. If I can't team you with someone who is not like you and get outstanding results, I'm defending my organization by moving you on.