My editor sent me a link to this cybersecurity podcast-slash-radio show, Task Force 7 Radio, because they’ve been talking about the talent shortage within cybersecurity and especially the shortage of women and people of color.
At approximately 19 minutes in, the host, George Rettus, reads a listener comment about a previous week’s show, which said something along the lines of, “I’m all for diversity, and it’s important, but we can’t lower our technical standards to achieve it.” The listener comment went on to say that “diversity at the expense of competency” isn’t doing anyone any favors.
The person then trotted out the old “I’m really not racist or sexist” defense, adding that the cybersecurity field is already full of people who have no clue what they’re doing. He then followed that up with an assertion that he has personally witnessed qualified white talent being passed over in favor of less-qualified “diversity hires.”
I’ll take, “Things that never happened for $500, Alex.”
First of all, white males dominate this — and every other — technology field. If cybersecurity is truly filled with a bunch of bumbling morons, let’s point the finger there, shall we?
Second, the assumption that you need to lower your technical standards to hire diverse talent is, in fact, incredibly racist and sexist. You’re assuming that women and people of color aren’t applying for or landing cybersecurity jobs because they’re not qualified and completely ignoring the social, economic and political obstacles they face with regards to access to education and training and the very real facts of overt discrimination and unconscious bias.
Third, as my editor pointed out, this position assumes that technical skills are the only ones that matter — which couldn’t be further from the truth. As she said, “Technical expertise is one aspect of it, but soft skills are needed more than ever — especially in leadership positions!”
And finally, diversity isn’t something that can be learned, while skills can be taught. I’ve written a number of times about Cybrary, which is a free, online cybersecurity MOOC provider that aims to educate talent and help close the cybersecurity talent gap.
Identify great candidates, then train for specific skills
Take a page from the college admissions process — identify great candidates based on their skills, knowledge, experience, and willingness to learn and grow, and then invest in training for the specific skills you need. Yes, you want to hire someone who can hit the ground running, but, as evidenced by the massive shortage of talent, that’s about as likely as finding a unicorn in your backyard.
These kinds of comments need to be called out for what they are: backhanded, backwards, covert racist and sexist beliefs masquerading as legitimate questions — in other words, concern trolling. And they have no place in the IT industry — or anywhere at all in 2017.
And, honestly, having to debunk these beliefs, while absolutely necessary, is sapping time and energy that would be better spent solving problems in cybersecurity (like Russian hacking, global election meddling, data breaches, phishing, etc.). The quicker we acknowledge that and work to address this white (male) supremacy, the better off everyone will be — and the closer we’ll get to solving the talent shortage and closing the diversity gap.
Read more about diversity in IT: